| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4628ae8a-39e9-ecf8-3efe-193a1ad14d23@paragon-software.com>
Date: Fri, 30 Dec 2022 15:25:48 +0400
From: Konstantin Komarov <almaz.alexandrovich@...agon-software.com>
To: <ntfs3@...ts.linux.dev>
CC: <linux-kernel@...r.kernel.org>, <linux-fsdevel@...r.kernel.org>
Subject: [PATCH 3/5] fs/ntfs3: Check for extremely large size of $AttrDef
Added additional checking for size of $AttrDef.
Added comment.
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@...agon-software.com>
---
fs/ntfs3/super.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/fs/ntfs3/super.c b/fs/ntfs3/super.c
index ef4ea3f21905..0967035146ce 100644
--- a/fs/ntfs3/super.c
+++ b/fs/ntfs3/super.c
@@ -1185,10 +1185,18 @@ static int ntfs_fill_super(struct super_block
*sb, struct fs_context *fc)
goto out;
}
- if (inode->i_size < sizeof(struct ATTR_DEF_ENTRY)) {
+ /*
+ * Typical $AttrDef contains up to 20 entries.
+ * Check for extremely large size.
+ */
+ if (inode->i_size < sizeof(struct ATTR_DEF_ENTRY) ||
+ inode->i_size > 100 * sizeof(struct ATTR_DEF_ENTRY)) {
+ ntfs_err(sb, "Looks like $AttrDef is corrupted (size=%llu).",
+ inode->i_size);
err = -EINVAL;
goto put_inode_out;
}
+
bytes = inode->i_size;
sbi->def_table = t = kmalloc(bytes, GFP_NOFS | __GFP_NOWARN);
if (!t) {
--
2.34.1
Powered by blists - more mailing lists