diff options
| author | Konstantin Komarov <almaz.alexandrovich@paragon-software.com> | 2022-12-29 15:50:41 +0400 |
|---|---|---|
| committer | Konstantin Komarov <almaz.alexandrovich@paragon-software.com> | 2023-03-27 16:59:14 +0400 |
| commit | 0addfb1c2281b5ca2ac02e7dbf6f5a7dbfbc71b9 (patch) | |
| tree | f7b7ddf981cf4086480b91688c741bd62e5ed4b1 /fs/ntfs3 | |
| parent | fc4992458e0aa2d2e82a25c922e6ac36c2d91083 (diff) | |
fs/ntfs3: Improved checking of attribute's name length
Added comment, added null pointer checking.
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Diffstat (limited to 'fs/ntfs3')
| -rw-r--r-- | fs/ntfs3/inode.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/fs/ntfs3/inode.c b/fs/ntfs3/inode.c index 059f28878458..3d2e4c1270e4 100644 --- a/fs/ntfs3/inode.c +++ b/fs/ntfs3/inode.c @@ -137,7 +137,13 @@ next_attr: rsize = attr->non_res ? 0 : le32_to_cpu(attr->res.data_size); asize = le32_to_cpu(attr->size); - if (le16_to_cpu(attr->name_off) + attr->name_len > asize) + /* + * Really this check was done in 'ni_enum_attr_ex' -> ... 'mi_enum_attr'. + * There not critical to check this case again + */ + if (attr->name_len && + sizeof(short) * attr->name_len + le16_to_cpu(attr->name_off) > + asize) goto out; if (attr->non_res) { |