git.samba.org / sfrench / cifs-2.6.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
ntfs: check overflow when iterating ATTR_RECORDs
[sfrench/cifs-2.6.git] / fs / ntfs / attrib.c
diff --git a/fs/ntfs/attrib.c b/fs/ntfs/attrib.c
index cec4be2a2d2395c5bf360fece92303bcb6579bc7..a3865bc4a0c650129f78732442e8ba98ad4b1aa2 100644 (file)
--- a/fs/ntfs/attrib.c
+++ b/fs/ntfs/attrib.c
@@ -617,6 +617,14 @@ static int ntfs_attr_find(const ATTR_TYPE type, const ntfschar *name,
                        return -ENOENT;
                if (unlikely(!a->length))
                        break;
+
+               /* check whether ATTR_RECORD's length wrap */
+               if ((u8 *)a + le32_to_cpu(a->length) < (u8 *)a)
+                       break;
+               /* check whether ATTR_RECORD's length is within bounds */
+               if ((u8 *)a + le32_to_cpu(a->length) > mrec_end)
+                       break;
+
                if (a->type != type)
                        continue;
                /*
Unnamed repository; edit this file 'description' to name the repository.