[PATCH] fs: ubifs: fix bugs involving symlinks in ubifs_findfile
Heiko Schocher
hs at nabladev.com
Tue May 12 14:35:07 CEST 2026
Hello Peter,
On 05.05.26 12:38, Peter Collingbourne wrote:
> When encountering a symlink pointing to an absolute path, ubifs_findfile
> would return the target of the symlink as the result instead of resolving
> any following components in the original path. Fix it by following the
> same code path that is used for relative paths except that we set the
> next inode to the root if we see a leading slash.
>
> The existing code used memcpy and sprintf to copy the symlink target
> into a fixed size stack buffer and was therefore vulnerable to buffer
> overflows with a sufficiently long symlink target. Fix it by using a
> heap buffer for the temporary path during path resolution.
>
> Signed-off-by: Peter Collingbourne <peter at pcc.me.uk>
> Fixes: 9d7952e4c636 ("ubifs: Add support for looking up directory and relative symlinks")
> ---
> fs/ubifs/ubifs.c | 70 +++++++++++++++++++++++++++++++-----------------
> 1 file changed, 45 insertions(+), 25 deletions(-)
Thanks!
Reviewed-by: Heiko Schocher <hs at nabladev.com>
bye,
Heiko
--
Nabla Software Engineering
HRB 40522 Augsburg
Phone: +49 821 45592596
E-Mail: office at nabladev.com
Managing Director: Stefano Babic
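The path handling described in the quoted commit message (restart at the root when a symlink target is absolute, and build the temporary path in a heap buffer sized from the real lengths rather than in a fixed-size stack buffer), as an added C example. It is not code from the patch or from U-Boot; `splice_symlink` and its parameters are hypothetical names, and the sample paths are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical helper (not U-Boot code): build the path that is still to be
 * resolved after a symlink is hit. `target` is the symlink content, `rest`
 * is the unresolved tail of the original path (may be NULL or "").
 * *from_root is set to 1 for an absolute target, so the caller restarts the
 * walk at the root inode instead of returning the target as the result.
 * Returns a malloc'ed string the caller frees, or NULL on failure.
 */
char *splice_symlink(const char *target, const char *rest, int *from_root)
{
	size_t tlen, rlen, need;
	char *buf;

	*from_root = (target[0] == '/');
	while (*target == '/')	/* leading slashes only select the root */
		target++;
	if (!rest)
		rest = "";
	while (*rest == '/')
		rest++;

	tlen = strlen(target);
	rlen = strlen(rest);
	if (tlen > SIZE_MAX - 2 || rlen > SIZE_MAX - 2 - tlen)
		return NULL;	/* length sum would wrap */
	need = tlen + 1 + rlen + 1;	/* target + '/' + rest + NUL */
	buf = malloc(need);
	if (!buf)
		return NULL;
	/* snprintf is bounded by the size that was actually allocated */
	snprintf(buf, need, (tlen && rlen) ? "%s/%s" : "%s%s", target, rest);
	return buf;
}

int main(void)
{
	int from_root;
	/* constructed sample: link -> /boot/current, remaining path "zImage" */
	char *p = splice_symlink("/boot/current", "zImage", &from_root);

	if (!p)
		return 1;
	printf("from_root=%d path=%s\n", from_root, p);
	free(p);
	return 0;
}
```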