Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
ntfs: limit memory allocation in ntfs_attr_readall
check an attribute size before memory allocation, and reject if the size
is over the maximum size.
Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
authored by
Hyunchul Lee
and committed by
Namjae Jeon
0b79de32
ca513e49
+14
+14
fs/ntfs/attrib.c
+14
fs/ntfs/attrib.c
···
30
30
__le16 AT_UNNAMED[] = { cpu_to_le16('\0') };
31
31
32
32
/*
33
+
* Maximum size allowed for reading attributes by ntfs_attr_readall().
34
+
* Extended attribute, reparse point are not expected to be larger than this size.
35
+
*/
36
+
37
+
#define NTFS_ATTR_READALL_MAX_SIZE (64 * 1024)
38
+
39
+
/*
33
40
* ntfs_map_runlist_nolock - map (a part of) a runlist of an ntfs inode
34
41
* @ni: ntfs inode for which to map (part of) a runlist
35
42
* @vcn: map runlist part containing this vcn
···
5123
5116
goto err_exit;
5124
5117
}
5125
5118
bmp_ni = NTFS_I(bmp_vi);
5119
+
5120
+
if (bmp_ni->data_size > NTFS_ATTR_READALL_MAX_SIZE &&
5121
+
(bmp_ni->type != AT_BITMAP ||
5122
+
bmp_ni->data_size > ((ni->vol->nr_clusters + 7) >> 3))) {
5123
+
ntfs_error(sb, "Invalid attribute data size");
5124
+
goto out;
5125
+
}
5126
5126
5127
5127
data = kvmalloc(bmp_ni->data_size, GFP_NOFS);
5128
5128
if (!data)