quota: Add more checking after reading from quota file (191249f7) · Commits · EulixOS / Software / Kernel

fs/quota/quota_tree.c

+17 −2

Original line number	Diff line number	Diff line
		@@ -96,6 +96,11 @@ static int check_dquot_block_header(struct qtree_mem_dqinfo *info,
		err = do_check_range(info->dqi_sb, "dqdh_prev_free",
		le32_to_cpu(dh->dqdh_prev_free), 0,
		info->dqi_blocks - 1);
		if (err)
		return err;
		err = do_check_range(info->dqi_sb, "dqdh_entries",
		le16_to_cpu(dh->dqdh_entries), 0,
		qtree_dqstr_in_blk(info));

		return err;
		}
		@@ -348,6 +353,10 @@ static int do_insert_tree(struct qtree_mem_dqinfo info, struct dquot dquot,
		}
		ref = (__le32 *)buf;
		newblk = le32_to_cpu(ref[get_index(info, dquot->dq_id, depth)]);
		ret = do_check_range(dquot->dq_sb, "block", newblk, 0,
		info->dqi_blocks - 1);
		if (ret)
		goto out_buf;
		if (!newblk)
		newson = 1;
		if (depth == info->dqi_qtree_depth - 1) {
		@@ -739,15 +748,21 @@ static int find_next_id(struct qtree_mem_dqinfo info, qid_t id,
		goto out_buf;
		}
		for (i = __get_index(info, *id, depth); i < epb; i++) {
		if (ref[i] == cpu_to_le32(0)) {
		uint blk_no = le32_to_cpu(ref[i]);

		if (blk_no == 0) {
		*id += level_inc;
		continue;
		}
		ret = do_check_range(info->dqi_sb, "block", blk_no, 0,
		info->dqi_blocks - 1);
		if (ret)
		goto out_buf;
		if (depth == info->dqi_qtree_depth - 1) {
		ret = 0;
		goto out_buf;
		}
		ret = find_next_id(info, id, le32_to_cpu(ref[i]), depth + 1);
		ret = find_next_id(info, id, blk_no, depth + 1);
		if (ret != -ENOENT)
		break;
		}