fs/ntfs3: Check for extremely large size of $AttrDef
authorKonstantin Komarov <almaz.alexandrovich@paragon-software.com>
Thu, 29 Dec 2022 11:58:56 +0000 (15:58 +0400)
committerKonstantin Komarov <almaz.alexandrovich@paragon-software.com>
Mon, 27 Mar 2023 12:59:15 +0000 (16:59 +0400)
Added additional checking for size of $AttrDef.
Added comment.

Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
fs/ntfs3/super.c

index ef4ea3f21905fc12ccb6f0f57d9d10626b1e1d27..0967035146cefbce25250ab6f5658676917a2a97 100644 (file)
@@ -1185,10 +1185,18 @@ static int ntfs_fill_super(struct super_block *sb, struct fs_context *fc)
                goto out;
        }
 
-       if (inode->i_size < sizeof(struct ATTR_DEF_ENTRY)) {
+       /*
+        * Typical $AttrDef contains up to 20 entries.
+        * Check for extremely large size.
+        */
+       if (inode->i_size < sizeof(struct ATTR_DEF_ENTRY) ||
+           inode->i_size > 100 * sizeof(struct ATTR_DEF_ENTRY)) {
+               ntfs_err(sb, "Looks like $AttrDef is corrupted (size=%llu).",
+                        inode->i_size);
                err = -EINVAL;
                goto put_inode_out;
        }
+
        bytes = inode->i_size;
        sbi->def_table = t = kmalloc(bytes, GFP_NOFS | __GFP_NOWARN);
        if (!t) {
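Review bot: The upper bound in the new check, `inode->i_size > 100 * sizeof(struct ATTR_DEF_ENTRY)`, uses a bare 100 that the comment above it does not account for; the comment only says a typical $AttrDef holds up to 20 entries. This size is read from the volume being mounted and becomes the `kmalloc(bytes, ...)` length a few lines later, so the limit is worth naming and justifying. One option is a constant such as `#define NTFS_ATTRDEF_MAX_ENTRIES 100` (the name is only a suggestion), with the comment extended to say something like `Allow headroom over the typical 20 entries; anything larger is treated as corruption.` if that is the intent. Separately, `inode->i_size` is a signed `loff_t` but is printed with `%llu`; `%lld` would match the type. ntfs_fill_super starts and ends outside this hunk, so how `bytes` is consumed after the allocation is not visible here.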