fs/ntfs3: Check for extremely large size of $AttrDef

Added additional checking for size of $AttrDef. Added comment. Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
author: Konstantin Komarov <almaz.alexandrovich@paragon-software.com> 2022-12-29 15:58:56 +0400
committer: Konstantin Komarov <almaz.alexandrovich@paragon-software.com> 2023-03-27 16:59:15 +0400
commit: 318d016e423054c143e5e58644ac93ef553013b9 (patch)
tree: c0977e758cd89563f5b5d98afb14f4409d9c8fce /fs/ntfs3/super.c
parent: 0addfb1c2281b5ca2ac02e7dbf6f5a7dbfbc71b9 (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/fs/ntfs3/super.c b/fs/ntfs3/super.c
index ef4ea3f21905..0967035146ce 100644
--- a/fs/ntfs3/super.c
+++ b/fs/ntfs3/super.c
@@ -1185,10 +1185,18 @@ static int ntfs_fill_super(struct super_block *sb, struct fs_context *fc)
 		goto out;
 	}
 
-	if (inode->i_size < sizeof(struct ATTR_DEF_ENTRY)) {
+	/*
+	 * Typical $AttrDef contains up to 20 entries.
+	 * Check for extremely large size.
+	 */
+	if (inode->i_size < sizeof(struct ATTR_DEF_ENTRY) ||
+	    inode->i_size > 100 * sizeof(struct ATTR_DEF_ENTRY)) {
+		ntfs_err(sb, "Looks like $AttrDef is corrupted (size=%llu).",
+			 inode->i_size);
 		err = -EINVAL;
 		goto put_inode_out;
 	}
+
 	bytes = inode->i_size;
 	sbi->def_table = t = kmalloc(bytes, GFP_NOFS | __GFP_NOWARN);
 	if (!t) {
author	Konstantin Komarov <almaz.alexandrovich@paragon-software.com>	2022-12-29 15:58:56 +0400
committer	Konstantin Komarov <almaz.alexandrovich@paragon-software.com>	2023-03-27 16:59:15 +0400
commit	318d016e423054c143e5e58644ac93ef553013b9 (patch)
tree	c0977e758cd89563f5b5d98afb14f4409d9c8fce /fs/ntfs3/super.c
parent	0addfb1c2281b5ca2ac02e7dbf6f5a7dbfbc71b9 (diff)