omfs: sanity check cluster size

A corrupt filesystem could have a bad cluster size; this could result in
the filesystem allocating too much space for files if too large, or
getting stuck in omfs_allocate_block if too small.  The proper range is
1-8 blocks.

Reported-by: Eric Sesterhenn <snakebyte@gmx.de>
Signed-off-by: Bob Copeland <me@bobcopeland.com>

diff --git a/fs/omfs/inode.c b/fs/omfs/inode.c
index 0af5d0af9f322b3fd1c64a8b7ac3f8bffb539644..579d33fedddd6a2edd9ddd773b690e7b50808397 100644 (file)
--- a/fs/omfs/inode.c
+++ b/fs/omfs/inode.c
@@ -517,6 +517,12 @@ static int omfs_fill_super(struct super_block *sb, void *data, int silent)
                        (unsigned long long) sbi->s_num_blocks);
                goto out_brelse_bh2;
        }
+       if (sbi->s_clustersize < 1 ||
+           sbi->s_clustersize > OMFS_MAX_CLUSTER_SIZE) {
+               printk(KERN_ERR "omfs: cluster size out of range (%d)",
+                       sbi->s_clustersize);
+               goto out_brelse_bh2;
+       }
 
        ret = omfs_get_imap(sb);
        if (ret)

diff --git a/fs/omfs/omfs_fs.h b/fs/omfs/omfs_fs.h
index 12cca245d6e8884e2397233da9d3fd5b288254c5..ee5e4327de92cc5e487e36dbbc8647f77702155d 100644 (file)
--- a/fs/omfs/omfs_fs.h
+++ b/fs/omfs/omfs_fs.h
@@ -17,6 +17,7 @@
 #define OMFS_EXTENT_CONT 0x40
 #define OMFS_XOR_COUNT 19
 #define OMFS_MAX_BLOCK_SIZE 8192
+#define OMFS_MAX_CLUSTER_SIZE 8
 
 struct omfs_super_block {
        char s_fill1[256];