From nobody Tue Sep 16 20:06:06 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 88C9EC4167B for ; Fri, 30 Dec 2022 11:24:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234765AbiL3LYE (ORCPT ); Fri, 30 Dec 2022 06:24:04 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33518 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229519AbiL3LYD (ORCPT ); Fri, 30 Dec 2022 06:24:03 -0500 Received: from relayaws-01.paragon-software.com (relayaws-01.paragon-software.com [35.157.23.187]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0D0D91AD81; Fri, 30 Dec 2022 03:24:02 -0800 (PST) Received: from dlg2.mail.paragon-software.com (vdlg-exch-02.paragon-software.com [172.30.1.105]) by relayaws-01.paragon-software.com (Postfix) with ESMTPS id 88B7020EE; Fri, 30 Dec 2022 11:20:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paragon-software.com; s=mail; t=1672399227; bh=Twpu2s1FblETHbbeLRTjYS0t9CCid29iOzsPHx6E0wE=; h=Date:Subject:From:To:CC:References:In-Reply-To; b=QR5/iro+5wvQnz4zgUWii+eGK6pfLK5jTlP6AP/lb7bu6kBjhnJzTX126KbMljeCh K4C63jAVeRuEkS25Qt480x0jhT43WWldB/Qy8GLP8U46K6BfFoY+Qf8Cvy8OUSLV1S lIK/c64ZDQWH9EXjkXsjMZrSoOuCSTKG1JxPm1ks= Received: from [192.168.211.146] (192.168.211.146) by vdlg-exch-02.paragon-software.com (172.30.1.105) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.7; Fri, 30 Dec 2022 14:23:59 +0300 Message-ID: <96b69941-36c3-04a1-cbfb-5a82c11e39f6@paragon-software.com> Date: Fri, 30 Dec 2022 15:23:59 +0400 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.6.0 Subject: [PATCH 1/5] fs/ntfs3: Add null pointer checks Content-Language: en-US From: Konstantin Komarov To: CC: , References: In-Reply-To: Content-Type: text/plain; charset="utf-8"; format="flowed" Content-Transfer-Encoding: quoted-printable X-Originating-IP: [192.168.211.146] X-ClientProxiedBy: vobn-exch-01.paragon-software.com (172.30.72.13) To vdlg-exch-02.paragon-software.com (172.30.1.105) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Added null pointer checks in function ntfs_security_init. Also added le32_to_cpu in functions ntfs_security_init and indx_read. Signed-off-by: Konstantin Komarov --- =C2=A0fs/ntfs3/fsntfs.c | 16 ++++++++++------ =C2=A0fs/ntfs3/index.c=C2=A0 |=C2=A0 3 ++- =C2=A02 files changed, 12 insertions(+), 7 deletions(-) diff --git a/fs/ntfs3/fsntfs.c b/fs/ntfs3/fsntfs.c index 8de861ddec60..1f36e89dcff7 100644 --- a/fs/ntfs3/fsntfs.c +++ b/fs/ntfs3/fsntfs.c @@ -1876,10 +1876,12 @@ int ntfs_security_init(struct ntfs_sb_info *sbi) =C2=A0=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 goto out; =C2=A0=C2=A0=C2=A0=C2=A0 } -=C2=A0=C2=A0=C2=A0 root_sdh =3D resident_data_ex(attr, sizeof(struct INDEX= _ROOT)); -=C2=A0=C2=A0=C2=A0 if (root_sdh->type !=3D ATTR_ZERO || +=C2=A0=C2=A0=C2=A0 if(!(root_sdh =3D resident_data_ex(attr, sizeof(struct = INDEX_ROOT))) || +=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 root_sdh->type !=3D ATTR_ZERO || =C2=A0=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 root_sdh->rule !=3D NTFS_COLLA= TION_TYPE_SECURITY_HASH || -=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 offsetof(struct INDEX_ROOT, ihdr) + = root_sdh->ihdr.used >=20 attr->res.data_size) { +=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 offsetof(struct INDEX_ROOT, ihdr) + +=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 le32_to_cpu(root_= sdh->ihdr.used) > +=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 le32_to_cpu(attr-= >res.data_size)) { =C2=A0=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 err =3D -EINVAL; =C2=A0=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 goto out; =C2=A0=C2=A0=C2=A0=C2=A0 } @@ -1895,10 +1897,12 @@ int ntfs_security_init(struct ntfs_sb_info *sbi) =C2=A0=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 goto out; =C2=A0=C2=A0=C2=A0=C2=A0 } -=C2=A0=C2=A0=C2=A0 root_sii =3D resident_data_ex(attr, sizeof(struct INDEX= _ROOT)); -=C2=A0=C2=A0=C2=A0 if (root_sii->type !=3D ATTR_ZERO || +=C2=A0=C2=A0=C2=A0 if(!(root_sii =3D resident_data_ex(attr, sizeof(struct = INDEX_ROOT))) || +=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 root_sii->type !=3D ATTR_ZERO || =C2=A0=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 root_sii->rule !=3D NTFS_COLLA= TION_TYPE_UINT || -=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 offsetof(struct INDEX_ROOT, ihdr) + = root_sii->ihdr.used >=20 attr->res.data_size) { +=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 offsetof(struct INDEX_ROOT, ihdr) + +=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 le32_to_cpu(root_= sii->ihdr.used) > +=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 le32_to_cpu(attr-= >res.data_size)) { =C2=A0=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 err =3D -EINVAL; =C2=A0=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 goto out; =C2=A0=C2=A0=C2=A0=C2=A0 } diff --git a/fs/ntfs3/index.c b/fs/ntfs3/index.c index f716487ec8a0..8718df791a55 100644 --- a/fs/ntfs3/index.c +++ b/fs/ntfs3/index.c @@ -1102,7 +1102,8 @@ int indx_read(struct ntfs_index *indx, struct=20 ntfs_inode *ni, CLST vbn, =C2=A0=C2=A0=C2=A0=C2=A0 } =C2=A0=C2=A0=C2=A0=C2=A0 /* check for index header length */ -=C2=A0=C2=A0=C2=A0 if (offsetof(struct INDEX_BUFFER, ihdr) + ib->ihdr.used= > bytes) { +=C2=A0=C2=A0=C2=A0 if (offsetof(struct INDEX_BUFFER, ihdr) + le32_to_cpu(i= b->ihdr.used) > +=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 bytes) { =C2=A0=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 err =3D -EINVAL; =C2=A0=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 goto out; =C2=A0=C2=A0=C2=A0=C2=A0 } --=20 2.34.1