On Tue, 05 May 2026 03:38:16 -0700, Peter Collingbourne wrote:
> When encountering a symlink pointing to an absolute path, ubifs_findfile
> would return the target of the symlink as the result instead of resolving
> any following components in the original path. Fix it by following the
> same code path that is used for relative paths except that we set the
> next inode to the root if we see a leading slash.
>
> The existing code used memcpy and sprintf to copy the symlink target
> into a fixed size stack buffer and was therefore vulnerable to buffer
> overflows with a sufficiently long symlink target. Fix it by using a
> heap buffer for the temporary path during path resolution.
>
> [...]
Applied to u-boot/master, thanks!
[1/1] fs: ubifs: fix bugs involving symlinks in ubifs_findfile
commit: d5888d509cc43942ec98d993f2d129f5c8ddc432
--
Tom
