[RTEMS Project] #4542: filename length problem in JFFS2 with RTEMS4.11.3/RTEMS5.1

RTEMS trac trac at rtems.org
Wed Nov 3 01:23:44 UTC 2021


#4542: filename length problem in JFFS2  with RTEMS4.11.3/RTEMS5.1
----------------------------+--------------------
  Reporter:  chenjin_zhong  |      Owner:  (none)
      Type:  defect         |     Status:  new
  Priority:  normal         |  Milestone:  5.1
 Component:  admin          |    Version:  5
  Severity:  normal         |   Keywords:
Blocked By:                 |   Blocking:
----------------------------+--------------------
 Hi, the macro JFFS2_MAX_NAME_LEN defines the maximum filename length as
 254. The filename length is not checked in jffs2_create, but it is
 checked in rtems_jffs2_rmnod and rtems_jffs2_rename. As a result, creating
 a file whose name is longer than JFFS2_MAX_NAME_LEN succeeds, but rename
 or unlink then fails. The source code is listed as follows. The function
 in bold checks the length of the filename.
    static int rtems_jffs2_rmnod(
        const rtems_filesystem_location_info_t *parentloc,
        const rtems_filesystem_location_info_t *loc
    )
    {
        struct _inode *dir_i = rtems_jffs2_get_inode_by_location(parentloc);
        struct _inode *entry_i = rtems_jffs2_get_inode_by_location(loc);
        char *name;
        size_t namelen;
        int eno = **rtems_jffs2_cache_fd_name(entry_i, &name, &namelen)**;

        if (eno == 0) {
            switch (dir_i->i_mode & S_IFMT) {
                case S_IFDIR:
                    eno = -jffs2_rmdir(dir_i, entry_i, name, namelen);
                    break;
                case S_IFREG:
                    eno = -jffs2_unlink(dir_i, entry_i, name, namelen);
                    break;
                default:
                    eno = EINVAL;
                    break;
            }
        }

        return rtems_jffs2_eno_to_rv_and_errno(eno);
    }


--
Ticket URL: <http://devel.rtems.org/ticket/4542>
RTEMS Project <http://www.rtems.org/>
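
Added example, not part of the ticket and not RTEMS or JFFS2 code: a toy in-memory directory that models the mismatch the report describes, where the create path skips the length check that the unlink path enforces. The toy_* names, TOY_MAX_NAME_LEN, TOY_SLOTS and the ENAMETOOLONG return code are assumptions made for the illustration; only the limit of 254 comes from the ticket.

```c
/* Toy in-memory directory (constructed model, not RTEMS or JFFS2 code). */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define TOY_MAX_NAME_LEN 254  /* limit the ticket gives for JFFS2_MAX_NAME_LEN */
#define TOY_SLOTS 4
static char *toy_dir[TOY_SLOTS];  /* heap copies of the stored names */

/* Like the reported create path: stores the name without a length check. */
int toy_create_unchecked(const char *name) {
    size_t n = strlen(name) + 1;
    for (int i = 0; i < TOY_SLOTS; i++) {
        if (toy_dir[i] != NULL) continue;
        toy_dir[i] = malloc(n);
        if (toy_dir[i] == NULL) return ENOMEM;
        memcpy(toy_dir[i], name, n);
        return 0;
    }
    return ENOSPC;
}

/* Create with the limit enforced up front; ENAMETOOLONG is an assumed code. */
int toy_create_checked(const char *name) {
    if (strlen(name) > TOY_MAX_NAME_LEN) return ENAMETOOLONG;
    return toy_create_unchecked(name);
}

/* Like the reported unlink/rename paths: the length is checked first. */
int toy_unlink(const char *name) {
    if (strlen(name) > TOY_MAX_NAME_LEN) return ENAMETOOLONG;
    for (int i = 0; i < TOY_SLOTS; i++) {
        if (toy_dir[i] != NULL && strcmp(toy_dir[i], name) == 0) {
            free(toy_dir[i]);
            toy_dir[i] = NULL;
            return 0;
        }
    }
    return ENOENT;
}

int main(void) {
    char longname[301];              /* constructed 300-character name */
    memset(longname, 'a', 300);
    longname[300] = '\0';
    printf("checked create:   %d\n", toy_create_checked(longname));
    printf("unchecked create: %d\n", toy_create_unchecked(longname));
    printf("unlink:           %d\n", toy_unlink(longname));
    return 0;
}
```

In this model the entry stored by the unchecked create stays in the directory because every later removal is rejected on length, which is why the limit belongs on the create path as well.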