[PATCH 6.1.y] fs/ntfs3: Fixed overflow check in mi_enum_attr()
From: Nikita Zhandarovich
Date: Sat Nov 30 2024 - 10:58:48 EST
From: Konstantin Komarov <almaz.alexandrovich@xxxxxxxxxxxxxxxxxxxx>
[ Upstream commit 652cfeb43d6b9aba5c7c4902bed7a7340df131fb ]
Reported-by: Robert Morris <rtm@xxxxxxxxxxxxx>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@xxxxxxxxxxxxxxxxxxxx>
[Nikita: Fix for CVE-2024-27407 in 6.1.y. No changes were made
to get it to apply to older branch.]
Signed-off-by: Nikita Zhandarovich <n.zhandarovich@xxxxxxxxxx>
---
fs/ntfs3/record.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/ntfs3/record.c b/fs/ntfs3/record.c
index 7ab452710572..826a756669a3 100644
--- a/fs/ntfs3/record.c
+++ b/fs/ntfs3/record.c
@@ -273,7 +273,7 @@ struct ATTRIB *mi_enum_attr(struct mft_inode *mi, struct ATTRIB *attr)
if (t16 > asize)
return NULL;
- if (t16 + le32_to_cpu(attr->res.data_size) > asize)
+ if (le32_to_cpu(attr->res.data_size) > asize - t16)
return NULL;
if (attr->name_len &&
--
2.25.1