LineageOS/android_external_ntfs-3g
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added a consistency check of attribute size in readall()

Browse Source 
Make sure the attribute designated to readall() has a reasonable size.
Apart from a bitmap, in a valid call, the attribute size is limited to
65536, and bitmaps are limited by the number of cluster.
This commit is contained in:
Jean-Pierre André
2021-05-17 15:39:52 +03:00
committed by Erik Larsson
parent 37a330ea8c
commit d86c34390d
1 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
libntfs-3g/attrib.c
View File

@@ -6727,6 +6727,19 @@ void *ntfs_attr_readall(ntfs_inode *ni, const ATTR_TYPES type,
ntfs_log_perror("ntfs_attr_open failed, inode %lld attr 0x%lx", ntfs_log_perror("ntfs_attr_open failed, inode %lld attr 0x%lx",
(long long)ni->mft_no,(long)le32_to_cpu(type)); (long long)ni->mft_no,(long)le32_to_cpu(type));
goto err_exit; goto err_exit;
}
/*
* Consistency check : restrict to 65536 bytes.
* index bitmaps may need more, but still limited by
* the number of clusters.
*/
if ((na->data_size > 65536)
&& ((type != AT_BITMAP)
|| ((na->data_size << 3) > ni->vol->nr_clusters))) {
ntfs_log_error("Corrupt attribute 0x%lx in inode %lld\n",
(long)le32_to_cpu(type),(long long)ni->mft_no);
errno = EOVERFLOW;
goto out;
} }
data = ntfs_malloc(na->data_size); data = ntfs_malloc(na->data_size);
if (!data) if (!data)