bianbu-repo-mirror/bianbu-linux-6.6
1
0
Fork 0
mirror of https://gitee.com/bianbu-linux/linux-6.6 synced 2025-04-24 14:07:52 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

fs/ntfs3: Add a check for attr_names and oatbl

Browse source 
commit 702d4930eb06dcfda85a2fa67e8a1a27bfa2a845 upstream.

Added out-of-bound checking for *ane (ATTR_NAME_ENTRY).

Reported-by: lei lu <llfamsec@gmail.com>
Fixes: 865e7a7700d93 ("fs/ntfs3: Reduce stack usage")
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Konstantin Komarov 2024-06-03 13:13:17 +03:00 committed by Greg Kroah-Hartman
parent 17440dbc66
commit f3124d51e4
1 changed files with 32 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

38
fs/ntfs3/fslog.c
View file

@ -3722,6 +3722,8 @@ int log_replay(struct ntfs_inode *ni, bool *initialized)
u64 rec_lsn, checkpt_lsn = 0, rlsn = 0; u64 rec_lsn, checkpt_lsn = 0, rlsn = 0;
struct ATTR_NAME_ENTRY *attr_names = NULL; struct ATTR_NAME_ENTRY *attr_names = NULL;
u32 attr_names_bytes = 0;
u32 oatbl_bytes = 0;
struct RESTART_TABLE *dptbl = NULL; struct RESTART_TABLE *dptbl = NULL;
struct RESTART_TABLE *trtbl = NULL; struct RESTART_TABLE *trtbl = NULL;
const struct RESTART_TABLE *rt; const struct RESTART_TABLE *rt;
@ -3736,6 +3738,7 @@ int log_replay(struct ntfs_inode *ni, bool *initialized)
struct NTFS_RESTART *rst = NULL; struct NTFS_RESTART *rst = NULL;
struct lcb *lcb = NULL; struct lcb *lcb = NULL;
struct OPEN_ATTR_ENRTY *oe; struct OPEN_ATTR_ENRTY *oe;
struct ATTR_NAME_ENTRY *ane;
struct TRANSACTION_ENTRY *tr; struct TRANSACTION_ENTRY *tr;
struct DIR_PAGE_ENTRY *dp; struct DIR_PAGE_ENTRY *dp;
u32 i, bytes_per_attr_entry; u32 i, bytes_per_attr_entry;
@ -4314,17 +4317,40 @@ check_attr_table:
lcb = NULL; lcb = NULL;
check_attribute_names2: check_attribute_names2:
if (rst->attr_names_len && oatbl) { if (attr_names && oatbl) {
struct ATTR_NAME_ENTRY *ane = attr_names; off = 0;
while (ane->off) { for (;;) {
/* Check we can use attribute name entry 'ane'. */
static_assert(sizeof(*ane) == 4);
if (off + sizeof(*ane) > attr_names_bytes) {
/* just ignore the rest. */
break;
}
ane = Add2Ptr(attr_names, off);
t16 = le16_to_cpu(ane->off);
if (!t16) {
/* this is the only valid exit. */
break;
}
/* Check we can use open attribute entry 'oe'. */
if (t16 + sizeof(*oe) > oatbl_bytes) {
/* just ignore the rest. */
break;
}
/* TODO: Clear table on exit! */ /* TODO: Clear table on exit! */
oe = Add2Ptr(oatbl, le16_to_cpu(ane->off)); oe = Add2Ptr(oatbl, t16);
t16 = le16_to_cpu(ane->name_bytes); t16 = le16_to_cpu(ane->name_bytes);
off += t16 + sizeof(*ane);
if (off > attr_names_bytes) {
/* just ignore the rest. */
break;
}
oe->name_len = t16 / sizeof(short); oe->name_len = t16 / sizeof(short);
oe->ptr = ane->name; oe->ptr = ane->name;
oe->is_attr_name = 2; oe->is_attr_name = 2;
ane = Add2Ptr(ane,
sizeof(struct ATTR_NAME_ENTRY) + t16);
} }
} }