From 18a10d46f267057ede0490ddba71c106475b4eb1 Mon Sep 17 00:00:00 2001 From: Stephen Warren Date: Tue, 28 Jul 2015 21:55:03 -0600 Subject: [PATCH] fat: handle paths that include ../ The FAT code contains a special case to parse the root directory. This is needed since the root directory location/layout on disk is special cased for FAT12/16. In particular, the location and size of the FAT12/16 root directory is hard-coded and contiguous, whereas all FAT12/16 non-root directories, and all FAT32 directories, are stored in a non-contiguous fashion, with the layout represented by a linked-list of clusters in the FAT. If a file path contains ../ (for example /extlinux/../bcm2835-rpi-cm.dtb), it is possible to need to parse the root directory for the first element in the path (requiring application of the special case), then a sub- directory (in the general way), then re-parse the root directory (again requiring the special case). However, the current code in U-Boot only applies the special case for the very first path element, and never for any later path element. When reparsing the root directory without applying the special case, any file in a sector (or cluster?) other than the first sector/cluster of the root directory will not be found. This change modifies the non-root-dir-parsing loop of do_fat_read_at() to detect if it's walked back to the root directory, and if so, jumps back to the special case code that handles parsing of the root directory. This change was tested using sandbox by executing: ./u-boot -c "host bind 0 ../sd-p1.bin; ls host 0:0" ./u-boot -c "host bind 0 ../sd-p1.bin; ls host 0:0 /" ./u-boot -c "host bind 0 ../sd-p1.bin; ls host 0:0 /extlinux" ./u-boot -c "host bind 0 ../sd-p1.bin; ls host 0:0 /extlinux/" ./u-boot -c "host bind 0 ../sd-p1.bin; ls host 0:0 /extlinux/.." ./u-boot -c "host bind 0 ../sd-p1.bin; ls host 0:0 /extlinux/../" ./u-boot -c "host bind 0 ../sd-p1.bin; ls host 0:0 /extlinux/../backup" ./u-boot -c "host bind 0 ../sd-p1.bin; ls host 0:0 /extlinux/../backup/" ./u-boot -c "host bind 0 ../sd-p1.bin; ls host 0:0 /extlinux/../backup/.." ./u-boot -c "host bind 0 ../sd-p1.bin; ls host 0:0 /extlinux/../backup/../" ./u-boot -c "host bind 0 ../sd-p1.bin; load host 0:0 0 /bcm2835-rpi-cm.dtb" ./u-boot -c "host bind 0 ../sd-p1.bin; load host 0:0 0 /extlinux/../bcm2835-rpi-cm.dtb" ./u-boot -c "host bind 0 ../sd-p1.bin; load host 0:0 0 /backup/../bcm2835-rpi-cm.dtb" ./u-boot -c "host bind 0 ../sd-p1.bin; load host 0:0 0 /extlinux/..backup/../bcm2835-rpi-cm.dtb" ./u-boot -c "host bind 0 ../sd-p1.bin; load host 0:0 0 /extlinux/../backup/../bcm2835-rpi-cm.dtb" (/extlinux and /backup are in different sectors so trigger some different cases, and bcm2835-rpi-cm.dtb is in a sector of the root directory other than the first). In all honesty, this change is a bit of a hack, using goto and all. However, as demonstrated above it appears to work well in practice, is quite minimal, likely doesn't introduce any risk of regressions, and hopefully doesn't introduce any maintenance issues. The correct fix would be to collapse the root and non-root loops in do_fat_read_at() and get_dentfromdir() into a single loop that has a small special-case when moving from one sector to the next, to handle the layout difference of root/non-root directories. AFAIK all other aspects of directory parsing are identical. However, that's a much larger change which needs significantly more thought before it's implemented. Signed-off-by: Stephen Warren --- fs/fat/fat.c | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/fs/fat/fat.c b/fs/fat/fat.c index bccc3e3ed8..a863644d64 100644 --- a/fs/fat/fat.c +++ b/fs/fat/fat.c @@ -895,6 +895,7 @@ int do_fat_read_at(const char *filename, loff_t pos, void *buffer, strcpy(fnamecopy, filename); downcase(fnamecopy); +root_reparse: if (*fnamecopy == '\0') { if (!dols) goto exit; @@ -1180,6 +1181,34 @@ rootdir_done: if (isdir && !(dentptr->attr & ATTR_DIR)) goto exit; + /* + * If we are looking for a directory, and found a directory + * type entry, and the entry is for the root directory (as + * denoted by a cluster number of 0), jump back to the start + * of the function, since at least on FAT12/16, the root dir + * lives in a hard-coded location and needs special handling + * to parse, rather than simply following the cluster linked + * list in the FAT, like other directories. + */ + if (isdir && (dentptr->attr & ATTR_DIR) && !START(dentptr)) { + /* + * Modify the filename to remove the prefix that gets + * back to the root directory, so the initial root dir + * parsing code can continue from where we are without + * confusion. + */ + strcpy(fnamecopy, nextname ?: ""); + /* + * Set up state the same way as the function does when + * first started. This is required for the root dir + * parsing code operates in its expected environment. + */ + subname = ""; + cursect = mydata->rootdir_sect; + isdir = 0; + goto root_reparse; + } + if (idx >= 0) subname = nextname; } -- 2.25.1