#4542 assigned defect

filename length problem in JFFS2 with RTEMS4.11.3/RTEMS5.1

Reported by: chenjin_zhong
Owned by: Needs Funding
Priority: normal
Milestone: Indefinite
Component: fs/jffs2
Version: 5
Severity: normal
Keywords:
Cc:
Blocked By:
Blocking:

Description

Hi, the macro JFFS2_MAX_NAME_LEN defines the maximum length of a filename as 254. The length of the filename is not checked in jffs2_create, but it is checked in rtems_jffs2_rmnod and rtems_jffs2_rename. As a result, creating a file with a name longer than JFFS2_MAX_NAME_LEN succeeds, but rename or unlink fails. The source code is listed as follows. The bold function detects the length of the filename.

static int rtems_jffs2_rmnod(
  const rtems_filesystem_location_info_t *parentloc,
  const rtems_filesystem_location_info_t *loc
)
{
  struct _inode *dir_i = rtems_jffs2_get_inode_by_location(parentloc);
  struct _inode *entry_i = rtems_jffs2_get_inode_by_location(loc);
  char *name;
  size_t namelen;
  int eno = rtems_jffs2_cache_fd_name(entry_i, &name, &namelen);

  if (eno == 0) {
    switch (dir_i->i_mode & S_IFMT) {
      case S_IFDIR:
        eno = -jffs2_rmdir(dir_i, entry_i, name, namelen);
        break;
      case S_IFREG:
        eno = -jffs2_unlink(dir_i, entry_i, name, namelen);
        break;
      default:
        eno = EINVAL;
        break;
    }
  }

  return rtems_jffs2_eno_to_rv_and_errno(eno);
}

Change History (5)

comment:1 Changed on 11/12/21 at 13:51:59 by Sebastian Huber

This looks like a valid bug. The next step would be to add a test case to the test suite which reproduces the bug.
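
A portable POSIX form of the check such a test case would make, given here as an added example that is not part of the ticket or of the RTEMS test suite: it reports whether create, rename and unlink agree about a name of a given length in a directory on the filesystem under test. The helper names `make_path` and `name_len_consistency` are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Build "<dir>/<len copies of c>" in buf; the caller has checked that it fits. */
static void make_path(char *buf, size_t cap, const char *dir, size_t len, char c)
{
    size_t n = (size_t)snprintf(buf, cap, "%s/", dir);
    memset(buf + n, c, len);
    buf[n + len] = '\0';
}

/*
 * Returns 0 when create, rename and unlink agree about a name of `len` bytes,
 * 1 when creation succeeds but rename or unlink then fails (the behaviour the
 * ticket describes), and -1 on an unrelated error.
 */
int name_len_consistency(const char *dir, size_t len)
{
    char a[1024], b[1024];
    if (strlen(dir) + len + 2 > sizeof a)
        return -1;
    make_path(a, sizeof a, dir, len, 'a');
    make_path(b, sizeof b, dir, len, 'b');

    int fd = open(a, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd < 0)
        return errno == ENAMETOOLONG ? 0 : -1; /* rejected up front: consistent */
    close(fd);

    /* The name was accepted at creation, so rename and unlink must accept it too. */
    if (rename(a, b) != 0) {
        unlink(a); /* best-effort cleanup; on an affected filesystem this fails as well */
        return 1;
    }
    return unlink(b) == 0 ? 0 : 1;
}

int main(void)
{
    /* 254 is JFFS2_MAX_NAME_LEN as quoted in the ticket; 300 is well past it. */
    static const size_t lens[] = { 254, 255, 300 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("len %zu -> %d\n", lens[i], name_len_consistency(".", lens[i]));
    return 0;
}
```

Run it with the working directory on the mounted filesystem under test; any length that prints 1 shows the create path accepting a name that the rename or unlink path rejects.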

comment:2 Changed on 11/12/21 at 13:52:42 by Sebastian Huber

Component: admin → fs/jaffs2

comment:3 Changed on 11/12/21 at 13:53:15 by Sebastian Huber

Owner: set to Needs Funding
Status: new → assigned

comment:4 Changed on 11/10/22 at 02:03:01 by Chris Johns

Milestone: 5.1 → 5.3

comment:5 Changed on 01/31/23 at 05:37:48 by Chris Johns

Milestone: 5.3 → Indefinite

The ticket needs funding to be resolved.