[4/5] fs/ntfs3: Restore overflow checking for attr size in mi_enum_attr
Fixed comment.
Removed explicit initialization for INDEX_ROOT.
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
---
fs/ntfs3/index.c | 7 ++++---
fs/ntfs3/record.c | 5 +++++
fs/ntfs3/super.c | 2 +-
3 files changed, 10 insertions(+), 4 deletions(-)
inode->i_size > 100 * sizeof(struct ATTR_DEF_ENTRY)) {
@@ -994,7 +994,7 @@ struct INDEX_ROOT *indx_get_root(struct ntfs_index
*indx, struct ntfs_inode *ni,
struct ATTR_LIST_ENTRY *le = NULL;
struct ATTRIB *a;
const struct INDEX_NAMES *in = &s_index_names[indx->type];
- struct INDEX_ROOT *root = NULL;
+ struct INDEX_ROOT *root;
a = ni_find_attr(ni, NULL, &le, ATTR_ROOT, in->name, in->name_len,
NULL,
mi);
@@ -1007,8 +1007,9 @@ struct INDEX_ROOT *indx_get_root(struct ntfs_index
*indx, struct ntfs_inode *ni,
root = resident_data_ex(a, sizeof(struct INDEX_ROOT));
/* length check */
- if (root && offsetof(struct INDEX_ROOT, ihdr) +
le32_to_cpu(root->ihdr.used) >
- le32_to_cpu(a->res.data_size)) {
+ if (root &&
+ offsetof(struct INDEX_ROOT, ihdr) + le32_to_cpu(root->ihdr.used) >
+ le32_to_cpu(a->res.data_size)) {
return NULL;
}
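Review bot: The sum in the new condition, `offsetof(struct INDEX_ROOT, ihdr) + le32_to_cpu(root->ihdr.used)`, is evaluated in `size_t`, so on a 32-bit target an on-disk `ihdr.used` close to `U32_MAX` wraps the sum below `data_size` and the length check passes for exactly the values it exists to reject. Widening the arithmetic keeps the check meaningful on every architecture without changing evaluation order: `if (root && (u64)offsetof(struct INDEX_ROOT, ihdr) + le32_to_cpu(root->ihdr.used) > le32_to_cpu(a->res.data_size))`. The `/* length check */` comment would also be more useful if it said what is being bounded, e.g. `/* ihdr.used must fit inside the resident $INDEX_ROOT data. */`. Note that this only checks `used` against the attribute payload; whether `used` itself is validated against the header size and `de_off` happens elsewhere, outside this hunk.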
@@ -220,6 +220,11 @@ struct ATTRIB *mi_enum_attr(struct mft_inode *mi,
struct ATTRIB *attr)
return NULL;
}
+ if (off + asize < off) {
+ /* Overflow check. */
+ return NULL;
+ }
+
attr = Add2Ptr(attr, asize);
off += asize;
}
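Review bot: The wrap test `if (off + asize < off)` only detects overflow when `off` and `asize` are at least `unsigned int` wide; if either were a narrower type, integer promotion would evaluate the sum as `int` and the comparison could never be true. Their declarations are outside the hunk, and the surrounding `off += asize` / `Add2Ptr(attr, asize)` usage suggests `u32`, which makes the check sound, but the dependency deserves to be stated at the site: `/* off and asize are u32: a wrapped sum is smaller than off. */`. Kernel style also puts such a comment above the `if` rather than inside the block. The remaining bound, that the advanced `attr` still lies within the record's `used` area, is presumably checked on the next iteration, which is outside this hunk.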
@@ -1187,7 +1187,7 @@ static int ntfs_fill_super(struct super_block *sb,
struct fs_context *fc)
/*
* Typical $AttrDef contains up to 20 entries.
- * Check for extremely large size.
+ * Check for extremely large/small size.
*/
if (inode->i_size < sizeof(struct ATTR_DEF_ENTRY) ||