From: Edward Adam Davis <eadavis@qq.com>
Date: Sat, 30 Dec 2023 09:00:03 +0000 (+0800)
Subject: fs/ntfs3: Fix oob in ntfs_listxattr
X-Git-Tag: v5.15.150~184
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a585faf0591548fe0920641950ebfa8a6eefe1cd;p=thirdparty%2Fkernel%2Fstable.git

fs/ntfs3: Fix oob in ntfs_listxattr

[ Upstream commit 731ab1f9828800df871c5a7ab9ffe965317d3f15 ]

The length of name cannot exceed the space occupied by ea.

Reported-and-tested-by: syzbot+65e940cfb8f99a97aca7@syzkaller.appspotmail.com
Signed-off-by: Edward Adam Davis <eadavis@qq.com>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---

diff --git a/fs/ntfs3/xattr.c b/fs/ntfs3/xattr.c
index 8e739023e3057..d0b75d7f58a7b 100644
--- a/fs/ntfs3/xattr.c
+++ b/fs/ntfs3/xattr.c
@@ -217,6 +217,9 @@ static ssize_t ntfs_list_ea(struct ntfs_inode *ni, char *buffer,
 		if (!ea->name_len)
 			break;
 
+		if (ea->name_len > ea_size)
+			break;
+
 		if (buffer) {
 			/* Check if we can use field ea->name */
 			if (off + ea_size > size)