
Commit ec062a4

aalexandrovichgregkh
authored andcommitted
fs/ntfs3: Sequential field availability check in mi_enum_attr()
commit 090f612756a9720ec18b0b130e28be49839d7cb5 upstream. The code is slightly reformatted to consistently check field availability without duplication. Fixes: 556bdf27c2dd ("ntfs3: Add bounds checking to mi_enum_attr()") Signed-off-by: Konstantin Komarov <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
1 parent 746ed28 commit ec062a4


1 file changed

+7
-8
lines changed


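--- a/fs/ntfs3/record.c
+++ b/fs/ntfs3/record.c
@@ -231,6 +231,7 @@ struct ATTRIB *mi_enum_attr(struct mft_inode *mi, struct ATTRIB *attr)
 }
 
 /* Can we use the first field (attr->type). */
+/* NOTE: this code also checks attr->size availability. */
 if (off + 8 > used) {
 static_assert(ALIGN(sizeof(enum ATTR_TYPE), 8) == 8);
 return NULL;
@@ -251,10 +252,6 @@ struct ATTRIB *mi_enum_attr(struct mft_inode *mi, struct ATTRIB *attr)
 return NULL;
 
 asize = le32_to_cpu(attr->size);
-if (asize < SIZEOF_RESIDENT) {
-/* Impossible 'cause we should not return such attribute. */
-return NULL;
-}
 
 /* Check overflow and boundary. */
 if (off + asize < off || off + asize > used)
@@ -285,6 +282,10 @@ struct ATTRIB *mi_enum_attr(struct mft_inode *mi, struct ATTRIB *attr)
 if (attr->non_res != 1)
 return NULL;
 
+/* Can we use memory including attr->nres.valid_size? */
+if (asize < SIZEOF_NONRESIDENT)
+return NULL;
+
 t16 = le16_to_cpu(attr->nres.run_off);
 if (t16 > asize)
 return NULL;
@@ -311,7 +312,8 @@ struct ATTRIB *mi_enum_attr(struct mft_inode *mi, struct ATTRIB *attr)
 
 if (!attr->nres.svcn && is_attr_ext(attr)) {
 /* First segment of sparse/compressed attribute */
-if (asize + 8 < SIZEOF_NONRESIDENT_EX)
+/* Can we use memory including attr->nres.total_size? */
+if (asize < SIZEOF_NONRESIDENT_EX)
 return NULL;
 
 tot_size = le64_to_cpu(attr->nres.total_size);
@@ -321,9 +323,6 @@ struct ATTRIB *mi_enum_attr(struct mft_inode *mi, struct ATTRIB *attr)
 if (tot_size > alloc_size)
 return NULL;
 } else {
-if (asize + 8 < SIZEOF_NONRESIDENT)
-return NULL;
-
 if (attr->nres.c_unit)
 return NULL;
 }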
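Review bot: With the `asize < SIZEOF_RESIDENT` test removed in the second hunk, nothing visible puts a lower bound on `asize` before `attr->non_res` is read in the third hunk's context line `if (attr->non_res != 1)`; the new `asize < SIZEOF_NONRESIDENT` test comes only after that read. The `off + 8 > used` guard, per its own comment, covers only `attr->type` and `attr->size`, so on a crafted or corrupted on-disk record with a small `size` value the `non_res` byte may lie past the range validated against `used`. The lines between the hunks are not shown, so the resident branch may already have its own bound, but that would not obviously cover the first read of `non_res` either. Consider a minimal check right after `asize` is loaded, for example `if (asize < offsetofend(struct ATTRIB, non_res)) return NULL;`, with a comment saying it is what makes `attr->non_res` safe to read. The body of mi_enum_attr() starts and ends outside these hunks.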
