From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed, 21 Feb 2024 11:11:20 +0000 (+0100)
Subject: 6.1-stable patches
X-Git-Tag: v4.19.307~17
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b6199d4be6671b620b272c9c7940d6312c521356;p=thirdparty%2Fkernel%2Fstable-queue.git

6.1-stable patches

added patches:
	fs-ntfs3-add-null-pointer-checks.patch
---

diff --git a/queue-6.1/fs-ntfs3-add-null-pointer-checks.patch b/queue-6.1/fs-ntfs3-add-null-pointer-checks.patch
new file mode 100644
index 00000000000..3e55e87e2fe
--- /dev/null
+++ b/queue-6.1/fs-ntfs3-add-null-pointer-checks.patch
@@ -0,0 +1,66 @@
+From fc4992458e0aa2d2e82a25c922e6ac36c2d91083 Mon Sep 17 00:00:00 2001
+From: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
+Date: Thu, 29 Dec 2022 15:44:43 +0400
+Subject: fs/ntfs3: Add null pointer checks
+
+From: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
+
+commit fc4992458e0aa2d2e82a25c922e6ac36c2d91083 upstream.
+
+Added null pointer checks in function ntfs_security_init.
+Also added le32_to_cpu in functions ntfs_security_init and indx_read.
+
+Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
+Cc: "Doebel, Bjoern" <doebel@amazon.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/ntfs3/fsntfs.c |   16 ++++++++++------
+ fs/ntfs3/index.c  |    3 ++-
+ 2 files changed, 12 insertions(+), 7 deletions(-)
+
+--- a/fs/ntfs3/fsntfs.c
++++ b/fs/ntfs3/fsntfs.c
+@@ -1842,10 +1842,12 @@ int ntfs_security_init(struct ntfs_sb_in
+ 		goto out;
+ 	}
+ 
+-	root_sdh = resident_data_ex(attr, sizeof(struct INDEX_ROOT));
+-	if (root_sdh->type != ATTR_ZERO ||
++	if(!(root_sdh = resident_data_ex(attr, sizeof(struct INDEX_ROOT))) ||
++	    root_sdh->type != ATTR_ZERO ||
+ 	    root_sdh->rule != NTFS_COLLATION_TYPE_SECURITY_HASH ||
+-	    offsetof(struct INDEX_ROOT, ihdr) + root_sdh->ihdr.used > attr->res.data_size) {
++	    offsetof(struct INDEX_ROOT, ihdr) +
++			le32_to_cpu(root_sdh->ihdr.used) >
++			le32_to_cpu(attr->res.data_size)) {
+ 		err = -EINVAL;
+ 		goto out;
+ 	}
+@@ -1861,10 +1863,12 @@ int ntfs_security_init(struct ntfs_sb_in
+ 		goto out;
+ 	}
+ 
+-	root_sii = resident_data_ex(attr, sizeof(struct INDEX_ROOT));
+-	if (root_sii->type != ATTR_ZERO ||
++	if(!(root_sii = resident_data_ex(attr, sizeof(struct INDEX_ROOT))) ||
++	    root_sii->type != ATTR_ZERO ||
+ 	    root_sii->rule != NTFS_COLLATION_TYPE_UINT ||
+-	    offsetof(struct INDEX_ROOT, ihdr) + root_sii->ihdr.used > attr->res.data_size) {
++	    offsetof(struct INDEX_ROOT, ihdr) +
++			le32_to_cpu(root_sii->ihdr.used) >
++			le32_to_cpu(attr->res.data_size)) {
+ 		err = -EINVAL;
+ 		goto out;
+ 	}
+--- a/fs/ntfs3/index.c
++++ b/fs/ntfs3/index.c
+@@ -1097,7 +1097,8 @@ ok:
+ 	}
+ 
+ 	/* check for index header length */
+-	if (offsetof(struct INDEX_BUFFER, ihdr) + ib->ihdr.used > bytes) {
++	if (offsetof(struct INDEX_BUFFER, ihdr) + le32_to_cpu(ib->ihdr.used) >
++	    bytes) {
+ 		err = -EINVAL;
+ 		goto out;
+ 	}
diff --git a/queue-6.1/series b/queue-6.1/series
index 62cc584c7ec..042c93056c1 100644
--- a/queue-6.1/series
+++ b/queue-6.1/series
@@ -204,3 +204,4 @@ nilfs2-fix-potential-bug-in-end_buffer_async_write.patch
 nilfs2-replace-warn_ons-for-invalid-dat-metadata-block-requests.patch
 dm-limit-the-number-of-targets-and-parameter-size-area.patch
 arm64-subscribe-microsoft-azure-cobalt-100-to-arm-neoverse-n2-errata.patch
+fs-ntfs3-add-null-pointer-checks.patch