ntfs: limit memory allocation in ntfs_attr_readall

check an attribute size before memory allocation, and reject if the size
is over the maximum size.

Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>

diff --git a/fs/ntfs/attrib.c b/fs/ntfs/attrib.c
index 78915c1d5128025e2a989bd0962722e14fd4d48f..e8cc74c9c9a735cfeb40b5e6623b092d6da047ab 100644 (file)
--- a/fs/ntfs/attrib.c
+++ b/fs/ntfs/attrib.c
@@ -29,6 +29,13 @@
 
 __le16 AT_UNNAMED[] = { cpu_to_le16('\0') };
 
+/*
+ * Maximum size allowed for reading attributes by ntfs_attr_readall().
+ * Extended attribute, reparse point are not expected to be larger than this size.
+ */
+
+#define NTFS_ATTR_READALL_MAX_SIZE     (64 * 1024)
+
 /*
  * ntfs_map_runlist_nolock - map (a part of) a runlist of an ntfs inode
  * @ni:                ntfs inode for which to map (part of) a runlist
@@ -5117,6 +5124,13 @@ void *ntfs_attr_readall(struct ntfs_inode *ni, const __le32 type,
        }
        bmp_ni = NTFS_I(bmp_vi);
 
+       if (bmp_ni->data_size > NTFS_ATTR_READALL_MAX_SIZE &&
+               (bmp_ni->type != AT_BITMAP ||
+               bmp_ni->data_size > ((ni->vol->nr_clusters + 7) >> 3))) {
+               ntfs_error(sb, "Invalid attribute data size");
+               goto out;
+       }
+
        data = kvmalloc(bmp_ni->data_size, GFP_NOFS);
        if (!data)
                goto out;