e2fsck: validate that fscrypt_symlink_data.len is not too large

Make e2fsck start validating that the ciphertext length stored in the
header of an encrypted symlink target, plus the header itself, is no
larger than a filesystem block.  Previously e2fsck only verified that
this size is not exactly equal to a filesystem block.  This was
sufficient for unencrypted symlinks, where the "actual length" is
computed using strnlen(), but not for encrypted symlinks; the kernel
also considers encrypted symlinks with too-large ciphertext length to be
invalid.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

diff --git a/e2fsck/pass1.c b/e2fsck/pass1.c
index 421fa284a416c46037d317c19fd41f9241d98565..975f3f10624ec21741693188e9ced04a3a7b5c7e 100644 (file)
--- a/e2fsck/pass1.c
+++ b/e2fsck/pass1.c
@@ -243,7 +243,7 @@ int e2fsck_pass1_check_symlink(ext2_filsys fs, ext2_ino_t ino,
                } else {
                        len = strnlen(buf, fs->blocksize);
                }
-               if (len == fs->blocksize)
+               if (len >= fs->blocksize)
                        return 0;
        } else if (inode->i_flags & EXT4_INLINE_DATA_FL) {
                char *inline_buf = NULL;