lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <dd3781f1-ca7f-4e7f-a7e3-453c8c29573e@paragon-software.com>
Date: Wed, 17 Apr 2024 16:06:01 +0300
From: Konstantin Komarov <almaz.alexandrovich@...agon-software.com>
To: <ntfs3@...ts.linux.dev>, LKML <linux-kernel@...r.kernel.org>,
	Linux-fsdevel <linux-fsdevel@...r.kernel.org>
Subject: [PATCH 03/11] fs/ntfs3: Mark volume as dirty if xattr is broken

Signed-off-by: Konstantin Komarov <almaz.alexandrovich@...agon-software.com>
---
  fs/ntfs3/xattr.c | 17 +++++++++++------
  1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/fs/ntfs3/xattr.c b/fs/ntfs3/xattr.c
index 53e7d1fa036a..872df2197202 100644
--- a/fs/ntfs3/xattr.c
+++ b/fs/ntfs3/xattr.c
@@ -200,6 +200,7 @@ static ssize_t ntfs_list_ea(struct ntfs_inode *ni, 
char *buffer,
      int err;
      int ea_size;
      size_t ret;
+    u8 name_len;

      err = ntfs_read_ea(ni, &ea_all, 0, &info);
      if (err)
@@ -215,28 +216,32 @@ static ssize_t ntfs_list_ea(struct ntfs_inode *ni, 
char *buffer,
      for (off = 0; off + sizeof(struct EA_FULL) < size; off += ea_size) {
          ea = Add2Ptr(ea_all, off);
          ea_size = unpacked_ea_size(ea);
+        name_len = ea->name_len;

-        if (!ea->name_len)
+        if (!name_len)
              break;

-        if (ea->name_len > ea_size)
+        if (name_len > ea_size) {
+            ntfs_set_state(ni->mi.sbi, NTFS_DIRTY_ERROR);
+            err = -EINVAL; /* corrupted fs. */
              break;
+        }

          if (buffer) {
              /* Check if we can use field ea->name */
              if (off + ea_size > size)
                  break;

-            if (ret + ea->name_len + 1 > bytes_per_buffer) {
+            if (ret + name_len + 1 > bytes_per_buffer) {
                  err = -ERANGE;
                  goto out;
              }

-            memcpy(buffer + ret, ea->name, ea->name_len);
-            buffer[ret + ea->name_len] = 0;
+            memcpy(buffer + ret, ea->name, name_len);
+            buffer[ret + name_len] = 0;
          }

-        ret += ea->name_len + 1;
+        ret += name_len + 1;
      }

  out:
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ