[PATCH 03/11] fs/ntfs3: Mark volume as dirty if xattr is broken

From: Konstantin Komarov
Date: Wed Apr 17 2024 - 09:06:18 EST


Signed-off-by: Konstantin Komarov <almaz.alexandrovich@xxxxxxxxxxxxxxxxxxxx>
---
 fs/ntfs3/xattr.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/fs/ntfs3/xattr.c b/fs/ntfs3/xattr.c
index 53e7d1fa036a..872df2197202 100644
--- a/fs/ntfs3/xattr.c
+++ b/fs/ntfs3/xattr.c
@@ -200,6 +200,7 @@ static ssize_t ntfs_list_ea(struct ntfs_inode *ni, char *buffer,
     int err;
     int ea_size;
     size_t ret;
+    u8 name_len;

     err = ntfs_read_ea(ni, &ea_all, 0, &info);
     if (err)
@@ -215,28 +216,32 @@ static ssize_t ntfs_list_ea(struct ntfs_inode *ni, char *buffer,
     for (off = 0; off + sizeof(struct EA_FULL) < size; off += ea_size) {
         ea = Add2Ptr(ea_all, off);
         ea_size = unpacked_ea_size(ea);
+        name_len = ea->name_len;

-        if (!ea->name_len)
+        if (!name_len)
             break;

-        if (ea->name_len > ea_size)
+        if (name_len > ea_size) {
+            ntfs_set_state(ni->mi.sbi, NTFS_DIRTY_ERROR);
+            err = -EINVAL; /* corrupted fs. */
             break;
+        }

         if (buffer) {
             /* Check if we can use field ea->name */
             if (off + ea_size > size)
                 break;

-            if (ret + ea->name_len + 1 > bytes_per_buffer) {
+            if (ret + name_len + 1 > bytes_per_buffer) {
                 err = -ERANGE;
                 goto out;
             }

-            memcpy(buffer + ret, ea->name, ea->name_len);
-            buffer[ret + ea->name_len] = 0;
+            memcpy(buffer + ret, ea->name, name_len);
+            buffer[ret + name_len] = 0;
         }

-        ret += ea->name_len + 1;
+        ret += name_len + 1;
     }

 out:
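Review bot: The truncated-entry test `if (off + ea_size > size) break;` is still a silent stop inside `if (buffer)`, so an EA whose declared size runs past the end of the data read by ntfs_read_ea() sets no error and does not mark the volume dirty, unlike the `name_len > ea_size` case handled just above it. On a size-probe call (`buffer == NULL`) that test is skipped entirely, so `ret` still counts such an entry and the probed length can differ from what a later listing call copies. Consider folding it into the corruption branch, `if (name_len > ea_size || off + ea_size > size) {`, and dropping the inner check so both call modes treat on-disk inconsistency the same way. Separately, the new `-EINVAL` path leaves the loop with `break` while `-ERANGE` uses `goto out`; the code after `out:` is outside this hunk, so it is worth confirming that `err` takes precedence over `ret` in the return there.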
--
2.34.1