fs/ntfs3: Add null pointer checks

author Konstantin Komarov <almaz.alexandrovich@paragon-software.com>

Thu, 29 Dec 2022 11:44:43 +0000 (15:44 +0400)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Fri, 23 Feb 2024 07:55:15 +0000 (08:55 +0100)
author Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Thu, 29 Dec 2022 11:44:43 +0000 (15:44 +0400)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 23 Feb 2024 07:55:15 +0000 (08:55 +0100)
diff --git a/fs/ntfs3/fsntfs.c b/fs/ntfs3/fsntfs.c

index 4413f6da68e6002e9b97140c865150e62504f3e7..110690edbf621943103a610129b7be3bbe5f593f 100644 (file)
--- a/fs/ntfs3/fsntfs.c
+++ b/fs/ntfs3/fsntfs.c
@@ -1872,10 +1872,12 @@ int ntfs_security_init(struct ntfs_sb_info *sbi)
                 goto out;
         }
  
-       root_sdh = resident_data_ex(attr, sizeof(struct INDEX_ROOT));
-       if (root_sdh->type != ATTR_ZERO ||
+       if(!(root_sdh = resident_data_ex(attr, sizeof(struct INDEX_ROOT))) ||
+           root_sdh->type != ATTR_ZERO ||
             root_sdh->rule != NTFS_COLLATION_TYPE_SECURITY_HASH ||
-           offsetof(struct INDEX_ROOT, ihdr) + root_sdh->ihdr.used > attr->res.data_size) {
+           offsetof(struct INDEX_ROOT, ihdr) +
+                       le32_to_cpu(root_sdh->ihdr.used) >
+                       le32_to_cpu(attr->res.data_size)) {
                 err = -EINVAL;
                 goto out;
         }
@@ -1891,10 +1893,12 @@ int ntfs_security_init(struct ntfs_sb_info *sbi)
                 goto out;
         }
  
-       root_sii = resident_data_ex(attr, sizeof(struct INDEX_ROOT));
-       if (root_sii->type != ATTR_ZERO ||
+       if(!(root_sii = resident_data_ex(attr, sizeof(struct INDEX_ROOT))) ||
+           root_sii->type != ATTR_ZERO ||
             root_sii->rule != NTFS_COLLATION_TYPE_UINT ||
-           offsetof(struct INDEX_ROOT, ihdr) + root_sii->ihdr.used > attr->res.data_size) {
+           offsetof(struct INDEX_ROOT, ihdr) +
+                       le32_to_cpu(root_sii->ihdr.used) >
+                       le32_to_cpu(attr->res.data_size)) {
                 err = -EINVAL;
                 goto out;
         }
diff --git a/fs/ntfs3/index.c b/fs/ntfs3/index.c

index b49e62e2080b07191e5c5375ae99b61737385f0c..76935562d5ce3fdeb64219edaaf38f0a5bc6aeb3 100644 (file)
--- a/fs/ntfs3/index.c
+++ b/fs/ntfs3/index.c
@@ -1106,7 +1106,8 @@ ok:
         }
  
         /* check for index header length */
-       if (offsetof(struct INDEX_BUFFER, ihdr) + ib->ihdr.used > bytes) {
+       if (offsetof(struct INDEX_BUFFER, ihdr) + le32_to_cpu(ib->ihdr.used) >
+           bytes) {
                 err = -EINVAL;
                 goto out;
         }
author	Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
	Thu, 29 Dec 2022 11:44:43 +0000 (15:44 +0400)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 23 Feb 2024 07:55:15 +0000 (08:55 +0100)
fs/ntfs3/fsntfs.c		patch \| blob \| blame \| history
fs/ntfs3/index.c		patch \| blob \| blame \| history