lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <tencent_C51BB525D6BA72BB25338C9EB41B094B3608@qq.com> Date: Sat, 30 Dec 2023 17:00:03 +0800 From: Edward Adam Davis <eadavis@...com> To: syzbot+65e940cfb8f99a97aca7@...kaller.appspotmail.com Cc: almaz.alexandrovich@...agon-software.com, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, ntfs3@...ts.linux.dev, syzkaller-bugs@...glegroups.com Subject: [PATCH arm64] ntfs3: fix oob in ntfs_listxattr The length of name cannot exceed the space occupied by ea. Reported-and-tested-by: syzbot+65e940cfb8f99a97aca7@...kaller.appspotmail.com Signed-off-by: Edward Adam Davis <eadavis@...com> --- fs/ntfs3/xattr.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/ntfs3/xattr.c b/fs/ntfs3/xattr.c index 4274b6f31cfa..3b97508a7bf2 100644 --- a/fs/ntfs3/xattr.c +++ b/fs/ntfs3/xattr.c @@ -219,6 +219,9 @@ static ssize_t ntfs_list_ea(struct ntfs_inode *ni, char *buffer, if (!ea->name_len) break; + if (ea->name_len > ea_size) + break; + if (buffer) { /* Check if we can use field ea->name */ if (off + ea_size > size) -- 2.43.0
Powered by blists - more mailing lists