| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 17 Feb 2021 07:59:30 -0800
From: Rustam Kovhaev <rkovhaev@...il.com>
To: anton@...era.com, linux-ntfs-dev@...ts.sourceforge.net
Cc: linux-kernel@...r.kernel.org, gregkh@...uxfoundation.org,
Rustam Kovhaev <rkovhaev@...il.com>
Subject: [PATCH] ntfs: check for valid standard information attribute
we should check for valid STANDARD_INFORMATION attribute offset and
length before trying to access it
Reported-and-tested-by: syzbot+c584225dabdea2f71969@...kaller.appspotmail.com
Signed-off-by: Rustam Kovhaev <rkovhaev@...il.com>
Acked-by: Anton Altaparmakov <anton@...era.com>
Link: https://syzkaller.appspot.com/bug?extid=c584225dabdea2f71969
---
fs/ntfs/inode.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/fs/ntfs/inode.c b/fs/ntfs/inode.c
index f7e4cbc26eaf..be4ff9386ec0 100644
--- a/fs/ntfs/inode.c
+++ b/fs/ntfs/inode.c
@@ -629,6 +629,12 @@ static int ntfs_read_locked_inode(struct inode *vi)
}
a = ctx->attr;
/* Get the standard information attribute value. */
+ if ((u8 *)a + le16_to_cpu(a->data.resident.value_offset)
+ + le32_to_cpu(a->data.resident.value_length) >
+ (u8 *)ctx->mrec + vol->mft_record_size) {
+ ntfs_error(vi->i_sb, "Corrupt standard information attribute in inode.");
+ goto unm_err_out;
+ }
si = (STANDARD_INFORMATION*)((u8*)a +
le16_to_cpu(a->data.resident.value_offset));
--
2.30.0
Powered by blists - more mailing lists