fs/ntfs3: Add sanity check for file name

[ Upstream commit e841ecb139339602bc1853f5f09daa5d1ea920a2 ]

The length of the file name should be smaller than the directory entry size.

Reported-by: syzbot+598057afa0f49e62bd23@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=598057afa0f49e62bd23
Signed-off-by: Lizhi Xu <lizhi.xu@windriver.com>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/fs/ntfs3/dir.c b/fs/ntfs3/dir.c
index a4ab0164d150d50cf5798c57dfd61f91fdbe555d..c49e64ebbd0a98e91aea4cbc04c616b1f61ac65f 100644 (file)
--- a/fs/ntfs3/dir.c
+++ b/fs/ntfs3/dir.c
@@ -304,6 +304,9 @@ static inline bool ntfs_dir_emit(struct ntfs_sb_info *sbi,
        if (sbi->options->nohidden && (fname->dup.fa & FILE_ATTRIBUTE_HIDDEN))
                return true;
 
+       if (fname->name_len + sizeof(struct NTFS_DE) > le16_to_cpu(e->size))
+               return true;
+
        name_len = ntfs_utf16_to_nls(sbi, fname->name, fname->name_len, name,
                                     PATH_MAX);
        if (name_len <= 0) {