]> git.ipfire.org Git - thirdparty/kernel/stable.git/commitdiff
projects / thirdparty / kernel / stable.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 77a5ed6)
exfat: add a check for invalid data size
authorYuezhang Mo <Yuezhang.Mo@sony.com>
Sat, 8 Feb 2025 09:16:58 +0000 (17:16 +0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 10 Apr 2025 12:39:30 +0000 (14:39 +0200)
[ Upstream commit 13940cef95491472760ca261b6713692ece9b946 ]

Add a check for invalid data size to avoid corrupted filesystem
from being further corrupted.

Signed-off-by: Yuezhang Mo <Yuezhang.Mo@sony.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
fs/exfat/namei.c patch | blob | blame | history

diff --git a/fs/exfat/namei.c b/fs/exfat/namei.c
index e47a5ddfc79b3d48a5fe41a9756e9bbb2dfd4f35..7b3951951f8af1c84abc2c7b921a4219f28f05c2 100644 (file)
--- a/fs/exfat/namei.c
+++ b/fs/exfat/namei.c
@@ -639,6 +639,11 @@ static int exfat_find(struct inode *dir, struct qstr *qname,
        info->valid_size = le64_to_cpu(ep2->dentry.stream.valid_size);
        info->size = le64_to_cpu(ep2->dentry.stream.size);
 
+       if (unlikely(EXFAT_B_TO_CLU_ROUND_UP(info->size, sbi) > sbi->used_clusters)) {
+               exfat_fs_error(sb, "data size is invalid(%lld)", info->size);
+               return -EIO;
+       }
+
        info->start_clu = le32_to_cpu(ep2->dentry.stream.start_clu);
        if (!is_valid_cluster(sbi, info->start_clu) && info->size) {
                exfat_warn(sb, "start_clu is invalid cluster(0x%x)",
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git