btrfs: Check name_len before reading btrfs_get_name

In btrfs_get_name, there's btrfs_search_slot and reads name from
inode_ref/root_ref.

Call btrfs_is_name_len_valid in btrfs_get_name.

Signed-off-by: Su Yue <suy.fnst@cn.fujitsu.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>

diff --git a/fs/btrfs/export.c b/fs/btrfs/export.c
index 87144c9f9593823922161c61a687c19ab13e7e71..fa66980726c92ce68c84348ca3154854e97f72ec 100644 (file)
--- a/fs/btrfs/export.c
+++ b/fs/btrfs/export.c
@@ -282,6 +282,11 @@ static int btrfs_get_name(struct dentry *parent, char *name,
                name_len = btrfs_inode_ref_name_len(leaf, iref);
        }
 
+       ret = btrfs_is_name_len_valid(leaf, path->slots[0], name_ptr, name_len);
+       if (!ret) {
+               btrfs_free_path(path);
+               return -EIO;
+       }
        read_extent_buffer(leaf, name, name_ptr, name_len);
        btrfs_free_path(path);