git.samba.org
/
sfrench
/
cifs-2.6.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
ntfs: check overflow when iterating ATTR_RECORDs
[sfrench/cifs-2.6.git]
/
fs
/
ntfs
/
attrib.c
diff --git
a/fs/ntfs/attrib.c
b/fs/ntfs/attrib.c
index cec4be2a2d2395c5bf360fece92303bcb6579bc7..a3865bc4a0c650129f78732442e8ba98ad4b1aa2 100644
(file)
--- a/
fs/ntfs/attrib.c
+++ b/
fs/ntfs/attrib.c
@@
-617,6
+617,14
@@
static int ntfs_attr_find(const ATTR_TYPE type, const ntfschar *name,
return -ENOENT;
if (unlikely(!a->length))
break;
return -ENOENT;
if (unlikely(!a->length))
break;
+
+ /* check whether ATTR_RECORD's length wrap */
+ if ((u8 *)a + le32_to_cpu(a->length) < (u8 *)a)
+ break;
+ /* check whether ATTR_RECORD's length is within bounds */
+ if ((u8 *)a + le32_to_cpu(a->length) > mrec_end)
+ break;
+
if (a->type != type)
continue;
/*
if (a->type != type)
continue;
/*