Message ID | 18640b25-5018-ebf2-38d9-e750404cb66f@paragon-software.com |
---|---|
State | New |
Headers | Subject: [PATCH 6/8] fs/ntfs3: Add more attributes checks in mi_enum_attr() From: Konstantin Komarov <almaz.alexandrovich@paragon-software.com> To: <ntfs3@lists.linux.dev> CC: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>, <linux-fsdevel@vger.kernel.org> Date: Mon, 3 Jul 2023 11:27:21 +0400 |
Series | fs/ntfs3: Bugfix and refactoring |
Commit Message
Konstantin Komarov
July 3, 2023, 7:27 a.m. UTC
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
---
fs/ntfs3/record.c | 68 ++++++++++++++++++++++++++++++++++++-----------
1 file changed, 52 insertions(+), 16 deletions(-)
u32 total = le32_to_cpu(rec->total);
@@ -219,6 +220,7 @@ struct ATTRIB *mi_enum_attr(struct mft_inode *mi,
struct ATTRIB *attr)
if (!is_rec_inuse(rec))
return NULL;
+ prev_type = 0;
attr = Add2Ptr(rec, off);
} else {
/* Check if input attr inside record. */
@@ -232,11 +234,11 @@ struct ATTRIB *mi_enum_attr(struct mft_inode *mi,
struct ATTRIB *attr)
return NULL;
}
- if (off + asize < off) {
- /* Overflow check. */
+ /* Overflow check. */
+ if (off + asize < off)
return NULL;
- }
+ prev_type = le32_to_cpu(attr->type);
attr = Add2Ptr(attr, asize);
off += asize;
}
@@ -256,7 +258,11 @@ struct ATTRIB *mi_enum_attr(struct mft_inode *mi,
struct ATTRIB *attr)
/* 0x100 is last known attribute for now. */
t32 = le32_to_cpu(attr->type);
- if ((t32 & 0xf) || (t32 > 0x100))
+ if (!t32 || (t32 & 0xf) || (t32 > 0x100))
+ return NULL;
+
+ /* attributes in record must be ordered by type */
+ if (t32 < prev_type)
return NULL;
/* Check overflow and boundary. */
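Review bot: the ordering test `if (t32 < prev_type)` rejects only a strictly smaller type, so consecutive attributes of the same type still pass, while the new comment says just "ordered by type". If equal types are meant to be allowed, say so in the comment (for example "must be in non-decreasing type order"), and match the neighbouring comments with a capital letter and a full stop. On a continuation call prev_type is read from the attr the caller passed in, so the ordering check is only as trustworthy as that pointer; a one-line comment stating that assumption would help.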
@@ -265,16 +271,15 @@ struct ATTRIB *mi_enum_attr(struct mft_inode *mi,
struct ATTRIB *attr)
/* Check size of attribute. */
if (!attr->non_res) {
+ /* Check resident fields. */
if (asize < SIZEOF_RESIDENT)
return NULL;
t16 = le16_to_cpu(attr->res.data_off);
-
if (t16 > asize)
return NULL;
- t32 = le32_to_cpu(attr->res.data_size);
- if (t16 + t32 > asize)
+ if (t16 + le32_to_cpu(attr->res.data_size) > asize)
return NULL;
t32 = sizeof(short) * attr->name_len;
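Review bot: in the resident branch, `t16 + le32_to_cpu(attr->res.data_size) > asize` is evaluated in 32-bit unsigned arithmetic, so an on-disk data_size close to 0xffffffff wraps the sum and slips under asize. Because `t16 > asize` has already been rejected two lines above, comparing `le32_to_cpu(attr->res.data_size) > asize - t16` cannot wrap and expresses the same bound. The removed `t16 + t32 > asize` form had the same wrap, so folding the temporary away does not change behaviour, but this patch is the natural place to close it.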
@@ -284,21 +289,52 @@ struct ATTRIB *mi_enum_attr(struct mft_inode *mi,
struct ATTRIB *attr)
return attr;
}
- /* Check some nonresident fields. */
- if (attr->name_len &&
- le16_to_cpu(attr->name_off) + sizeof(short) * attr->name_len >
- le16_to_cpu(attr->nres.run_off)) {
+ /* Check nonresident fields. */
+ if (attr->non_res != 1)
+ return NULL;
+
+ t16 = le16_to_cpu(attr->nres.run_off);
+ if (t16 > asize)
+ return NULL;
+
+ t32 = sizeof(short) * attr->name_len;
+ if (t32 && le16_to_cpu(attr->name_off) + t32 > t16)
+ return NULL;
+
+ /* Check start/end vcn. */
+ if (le64_to_cpu(attr->nres.svcn) > le64_to_cpu(attr->nres.evcn) + 1)
+ return NULL;
+
+ data_size = le64_to_cpu(attr->nres.data_size);
+ if (le64_to_cpu(attr->nres.valid_size) > data_size)
return NULL;
- }
- if (attr->nres.svcn || !is_attr_ext(attr)) {
+ alloc_size = le64_to_cpu(attr->nres.alloc_size);
+ if (data_size > alloc_size)
+ return NULL;
+
+ t32 = mi->sbi->cluster_mask;
+ if (alloc_size & t32)
+ return NULL;
+
+ if (!attr->nres.svcn && is_attr_ext(attr)) {
+ /* First segment of sparse/compressed attribute */
+ if (asize + 8 < SIZEOF_NONRESIDENT_EX)
+ return NULL;
+
+ tot_size = le64_to_cpu(attr->nres.total_size);
+ if (tot_size & t32)
+ return NULL;
+
+ if (tot_size > alloc_size)
+ return NULL;
+ } else {
if (asize + 8 < SIZEOF_NONRESIDENT)
return NULL;
if (attr->nres.c_unit)
return NULL;
- } else if (asize + 8 < SIZEOF_NONRESIDENT_EX)
- return NULL;
+ }
return attr;
}
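Review bot: in the nonresident path, attr->nres.run_off, svcn, evcn, data_size, valid_size and alloc_size are all read before asize is compared with SIZEOF_NONRESIDENT, which now happens only in the final else branch. Unless the boundary check earlier in the function already guarantees that many bytes, move the `asize + 8 < SIZEOF_NONRESIDENT` test up to just after `attr->non_res != 1`, and leave only the SIZEOF_NONRESIDENT_EX test in the sparse/compressed branch ahead of the total_size read. The `+ 8` slack and the reuse of t32 to hold mi->sbi->cluster_mask would each benefit from a short comment or a named local.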
diff --git a/fs/ntfs3/record.c b/fs/ntfs3/record.c index cae939cb42cf..53629b1f65e9 100644 --- a/fs/ntfs3/record.c +++ b/fs/ntfs3/record.c @@ -199,8 +199,9 @@ struct ATTRIB *mi_enum_attr(struct mft_inode *mi, struct ATTRIB *attr) { const struct MFT_REC *rec = mi->mrec; u32 used = le32_to_cpu(rec->used); - u32 t32, off, asize; + u32 t32, off, asize, prev_type; u16 t16; + u64 data_size, alloc_size, tot_size; if (!attr) {