diff options
| author | Konstantin Komarov <almaz.alexandrovich@paragon-software.com> | 2022-12-30 14:09:44 +0400 |
|---|---|---|
| committer | Konstantin Komarov <almaz.alexandrovich@paragon-software.com> | 2023-03-27 16:59:15 +0400 |
| commit | 30200ef8d1368f0dee424d5926bd7af0cdc87b54 (patch) | |
| tree | 6453506eac7b1ecbaaa2a6d9ec52dabfe0ace9a4 /fs/ntfs3 | |
| parent | 318d016e423054c143e5e58644ac93ef553013b9 (diff) | |
| download | lwn-30200ef8d1368f0dee424d5926bd7af0cdc87b54.tar.gz lwn-30200ef8d1368f0dee424d5926bd7af0cdc87b54.zip | |
fs/ntfs3: Restore overflow checking for attr size in mi_enum_attr
Fixed comment.
Removed explicit initialization for INDEX_ROOT.
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Diffstat (limited to 'fs/ntfs3')
| -rw-r--r-- | fs/ntfs3/index.c | 7 | ||||
| -rw-r--r-- | fs/ntfs3/record.c | 5 | ||||
| -rw-r--r-- | fs/ntfs3/super.c | 2 |
3 files changed, 10 insertions, 4 deletions
diff --git a/fs/ntfs3/index.c b/fs/ntfs3/index.c index 8718df791a55..9fefeac5fe7e 100644 --- a/fs/ntfs3/index.c +++ b/fs/ntfs3/index.c @@ -994,7 +994,7 @@ struct INDEX_ROOT *indx_get_root(struct ntfs_index *indx, struct ntfs_inode *ni, struct ATTR_LIST_ENTRY *le = NULL; struct ATTRIB *a; const struct INDEX_NAMES *in = &s_index_names[indx->type]; - struct INDEX_ROOT *root = NULL; + struct INDEX_ROOT *root; a = ni_find_attr(ni, NULL, &le, ATTR_ROOT, in->name, in->name_len, NULL, mi); @@ -1007,8 +1007,9 @@ struct INDEX_ROOT *indx_get_root(struct ntfs_index *indx, struct ntfs_inode *ni, root = resident_data_ex(a, sizeof(struct INDEX_ROOT)); /* length check */ - if (root && offsetof(struct INDEX_ROOT, ihdr) + le32_to_cpu(root->ihdr.used) > - le32_to_cpu(a->res.data_size)) { + if (root && + offsetof(struct INDEX_ROOT, ihdr) + le32_to_cpu(root->ihdr.used) > + le32_to_cpu(a->res.data_size)) { return NULL; } diff --git a/fs/ntfs3/record.c b/fs/ntfs3/record.c index abfe004774c0..0603169ee8a0 100644 --- a/fs/ntfs3/record.c +++ b/fs/ntfs3/record.c @@ -220,6 +220,11 @@ struct ATTRIB *mi_enum_attr(struct mft_inode *mi, struct ATTRIB *attr) return NULL; } + if (off + asize < off) { + /* Overflow check. */ + return NULL; + } + attr = Add2Ptr(attr, asize); off += asize; } diff --git a/fs/ntfs3/super.c b/fs/ntfs3/super.c index 0967035146ce..19d0889b131f 100644 --- a/fs/ntfs3/super.c +++ b/fs/ntfs3/super.c @@ -1187,7 +1187,7 @@ static int ntfs_fill_super(struct super_block *sb, struct fs_context *fc) /* * Typical $AttrDef contains up to 20 entries. - * Check for extremely large size. + * Check for extremely large/small size. */ if (inode->i_size < sizeof(struct ATTR_DEF_ENTRY) || inode->i_size > 100 * sizeof(struct ATTR_DEF_ENTRY)) { |