| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <tencent_C51BB525D6BA72BB25338C9EB41B094B3608@qq.com>
Date: Sat, 30 Dec 2023 17:00:03 +0800
From: Edward Adam Davis <eadavis@...com>
To: syzbot+65e940cfb8f99a97aca7@...kaller.appspotmail.com
Cc: almaz.alexandrovich@...agon-software.com,
linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org,
ntfs3@...ts.linux.dev,
syzkaller-bugs@...glegroups.com
Subject: [PATCH arm64] ntfs3: fix oob in ntfs_listxattr
The length of name cannot exceed the space occupied by ea.
Reported-and-tested-by: syzbot+65e940cfb8f99a97aca7@...kaller.appspotmail.com
Signed-off-by: Edward Adam Davis <eadavis@...com>
---
fs/ntfs3/xattr.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/fs/ntfs3/xattr.c b/fs/ntfs3/xattr.c
index 4274b6f31cfa..3b97508a7bf2 100644
--- a/fs/ntfs3/xattr.c
+++ b/fs/ntfs3/xattr.c
@@ -219,6 +219,9 @@ static ssize_t ntfs_list_ea(struct ntfs_inode *ni, char *buffer,
if (!ea->name_len)
break;
+ if (ea->name_len > ea_size)
+ break;
+
if (buffer) {
/* Check if we can use field ea->name */
if (off + ea_size > size)
--
2.43.0
Powered by blists - more mailing lists