| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241130155825.30829-1-n.zhandarovich@fintech.ru> Date: Sat, 30 Nov 2024 07:58:25 -0800 From: Nikita Zhandarovich <n.zhandarovich@...tech.ru> To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, <stable@...r.kernel.org> CC: Nikita Zhandarovich <n.zhandarovich@...tech.ru>, Konstantin Komarov <almaz.alexandrovich@...agon-software.com>, <ntfs3@...ts.linux.dev>, <linux-kernel@...r.kernel.org>, <lvc-project@...uxtesting.org> Subject: [PATCH 6.1.y] fs/ntfs3: Fixed overflow check in mi_enum_attr() From: Konstantin Komarov <almaz.alexandrovich@...agon-software.com> [ Upstream commit 652cfeb43d6b9aba5c7c4902bed7a7340df131fb ] Reported-by: Robert Morris <rtm@...il.mit.edu> Signed-off-by: Konstantin Komarov <almaz.alexandrovich@...agon-software.com> [Nikita: Fix for CVE-2024-27407 in 6.1.y. No changes were made to get it to apply to older branch.] Signed-off-by: Nikita Zhandarovich <n.zhandarovich@...tech.ru> --- fs/ntfs3/record.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ntfs3/record.c b/fs/ntfs3/record.c index 7ab452710572..826a756669a3 100644 --- a/fs/ntfs3/record.c +++ b/fs/ntfs3/record.c @@ -273,7 +273,7 @@ struct ATTRIB *mi_enum_attr(struct mft_inode *mi, struct ATTRIB *attr) if (t16 > asize) return NULL; - if (t16 + le32_to_cpu(attr->res.data_size) > asize) + if (le32_to_cpu(attr->res.data_size) > asize - t16) return NULL; if (attr->name_len && -- 2.25.1
Powered by blists - more mailing lists