Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-01 10:45:49 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
ab84eee4c7
linux-stable/fs/ntfs3
History
Zeng Heng ab84eee4c7
fs/ntfs3: Fix slab-out-of-bounds read in hdr_delete_de() 
Here is a BUG report from syzbot:

BUG: KASAN: slab-out-of-bounds in hdr_delete_de+0xe0/0x150 fs/ntfs3/index.c:806
Read of size 16842960 at addr ffff888079cc0600 by task syz-executor934/3631

Call Trace:
 memmove+0x25/0x60 mm/kasan/shadow.c:54
 hdr_delete_de+0xe0/0x150 fs/ntfs3/index.c:806
 indx_delete_entry+0x74f/0x3670 fs/ntfs3/index.c:2193
 ni_remove_name+0x27a/0x980 fs/ntfs3/frecord.c:2910
 ntfs_unlink_inode+0x3d4/0x720 fs/ntfs3/inode.c:1712
 ntfs_rename+0x41a/0xcb0 fs/ntfs3/namei.c:276

Before using the meta-data in struct INDEX_HDR, we need to
check index header valid or not. Otherwise, the corruptedi
(or malicious) fs image can cause out-of-bounds access which
could make kernel panic.

Fixes: 82cae269cf ("fs/ntfs3: Add initialization of super block")
Reported-by: syzbot+9c2811fd56591639ff5f@syzkaller.appspotmail.com
Signed-off-by: Zeng Heng <zengheng4@huawei.com>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
2023-03-27 16:59:12 +04:00
..
lib fs/ntfs3: Add missing header and guards to lib/ headers 2021-09-13 19:41:44 +03:00
attrib.c fs/ntfs3: Restore correct state after ENOSPC in attr_data_get_block 2022-11-14 19:50:46 +03:00
attrlist.c fs/ntfs3: Validate data run offset 2022-09-30 17:39:49 +03:00
bitfunc.c fs/ntfs3: Add ntfs_bitmap_weight_le function and refactoring 2022-11-14 19:50:42 +03:00
bitmap.c fs/ntfs3: Improve checking of bad clusters 2022-11-14 19:50:48 +03:00
debug.h fs/ntfs3. Add forward declarations for structs to debug.h 2021-09-13 19:41:43 +03:00
dir.c fs/ntfs3: Fix sparse problems 2022-11-14 19:50:42 +03:00
file.c fs.idmapped.v6.3 2023-02-20 11:53:11 -08:00
frecord.c fs/ntfs3: Fix NULL dereference in ni_write_inode 2023-03-27 16:59:11 +04:00
fslog.c fs/ntfs3: Fix slab-out-of-bounds read in hdr_delete_de() 2023-03-27 16:59:12 +04:00
fsntfs.c fs/ntfs3: Fix NULL pointer dereference in 'ni_write_inode' 2023-03-27 16:59:09 +04:00
index.c fs/ntfs3: Fix slab-out-of-bounds read in hdr_delete_de() 2023-03-27 16:59:12 +04:00
inode.c fs/ntfs3: Validate MFT flags before replaying logs 2023-03-27 16:59:11 +04:00
Kconfig fs: build the legacy direct I/O code conditionally 2023-01-26 10:30:56 -07:00
lznt.c fs/ntfs3: Remove tabs before spaces from comment 2021-09-16 17:01:36 +03:00
Makefile fs/ntfs3: Add Kconfig, Makefile and doc 2021-08-13 07:56:37 -07:00
namei.c fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup() 2023-03-27 16:59:08 +04:00
ntfs_fs.h fs/ntfs3: Fix slab-out-of-bounds read in hdr_delete_de() 2023-03-27 16:59:12 +04:00
ntfs.h fs/ntfs3: Fix wrong if in hdr_first_de 2022-11-14 19:50:48 +03:00
record.c fs/ntfs3: Enhance the attribute size check 2023-03-27 16:59:10 +04:00
run.c fs/ntfs3: Improve checking of bad clusters 2022-11-14 19:50:48 +03:00
super.c fs/ntfs3: Improve checking of bad clusters 2022-11-14 19:50:48 +03:00
upcase.c fs/ntfs3: Add option "nocase" 2022-09-30 17:39:47 +03:00
xattr.c fs/ntfs3: Fix wrong cast in xattr.c 2023-03-27 16:59:07 +04:00