6.1-stable patches

added patches:
	fs-ntfs3-add-null-pointer-checks.patch

diff --git a/queue-6.1/fs-ntfs3-add-null-pointer-checks.patch b/queue-6.1/fs-ntfs3-add-null-pointer-checks.patch
new file mode 100644 (file)
index 0000000..3e55e87
--- /dev/null
+++ b/queue-6.1/fs-ntfs3-add-null-pointer-checks.patch
@@ -0,0 +1,66 @@
+From fc4992458e0aa2d2e82a25c922e6ac36c2d91083 Mon Sep 17 00:00:00 2001
+From: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
+Date: Thu, 29 Dec 2022 15:44:43 +0400
+Subject: fs/ntfs3: Add null pointer checks
+
+From: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
+
+commit fc4992458e0aa2d2e82a25c922e6ac36c2d91083 upstream.
+
+Added null pointer checks in function ntfs_security_init.
+Also added le32_to_cpu in functions ntfs_security_init and indx_read.
+
+Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
+Cc: "Doebel, Bjoern" <doebel@amazon.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/ntfs3/fsntfs.c |   16 ++++++++++------
+ fs/ntfs3/index.c  |    3 ++-
+ 2 files changed, 12 insertions(+), 7 deletions(-)
+
+--- a/fs/ntfs3/fsntfs.c
++++ b/fs/ntfs3/fsntfs.c
+@@ -1842,10 +1842,12 @@ int ntfs_security_init(struct ntfs_sb_in
+               goto out;
+       }
+ 
+-      root_sdh = resident_data_ex(attr, sizeof(struct INDEX_ROOT));
+-      if (root_sdh->type != ATTR_ZERO ||
++      if(!(root_sdh = resident_data_ex(attr, sizeof(struct INDEX_ROOT))) ||
++          root_sdh->type != ATTR_ZERO ||
+           root_sdh->rule != NTFS_COLLATION_TYPE_SECURITY_HASH ||
+-          offsetof(struct INDEX_ROOT, ihdr) + root_sdh->ihdr.used > attr->res.data_size) {
++          offsetof(struct INDEX_ROOT, ihdr) +
++                      le32_to_cpu(root_sdh->ihdr.used) >
++                      le32_to_cpu(attr->res.data_size)) {
+               err = -EINVAL;
+               goto out;
+       }
+@@ -1861,10 +1863,12 @@ int ntfs_security_init(struct ntfs_sb_in
+               goto out;
+       }
+ 
+-      root_sii = resident_data_ex(attr, sizeof(struct INDEX_ROOT));
+-      if (root_sii->type != ATTR_ZERO ||
++      if(!(root_sii = resident_data_ex(attr, sizeof(struct INDEX_ROOT))) ||
++          root_sii->type != ATTR_ZERO ||
+           root_sii->rule != NTFS_COLLATION_TYPE_UINT ||
+-          offsetof(struct INDEX_ROOT, ihdr) + root_sii->ihdr.used > attr->res.data_size) {
++          offsetof(struct INDEX_ROOT, ihdr) +
++                      le32_to_cpu(root_sii->ihdr.used) >
++                      le32_to_cpu(attr->res.data_size)) {
+               err = -EINVAL;
+               goto out;
+       }
+--- a/fs/ntfs3/index.c
++++ b/fs/ntfs3/index.c
+@@ -1097,7 +1097,8 @@ ok:
+       }
+ 
+       /* check for index header length */
+-      if (offsetof(struct INDEX_BUFFER, ihdr) + ib->ihdr.used > bytes) {
++      if (offsetof(struct INDEX_BUFFER, ihdr) + le32_to_cpu(ib->ihdr.used) >
++          bytes) {
+               err = -EINVAL;
+               goto out;
+       }

diff --git a/queue-6.1/series b/queue-6.1/series
index 62cc584c7ec95334da0d2ced62733eaf1897e3d0..042c93056c15bc69f9a87a4cce054ae223014f15 100644 (file)
--- a/queue-6.1/series
+++ b/queue-6.1/series
@@ -204,3 +204,4 @@ nilfs2-fix-potential-bug-in-end_buffer_async_write.patch
 nilfs2-replace-warn_ons-for-invalid-dat-metadata-block-requests.patch
 dm-limit-the-number-of-targets-and-parameter-size-area.patch
 arm64-subscribe-microsoft-azure-cobalt-100-to-arm-neoverse-n2-errata.patch
+fs-ntfs3-add-null-pointer-checks.patch