Commit 0b79de32 authored by Hyunchul Lee's avatar Hyunchul Lee Committed by Namjae Jeon

ntfs: limit memory allocation in ntfs_attr_readall



Check the attribute size before allocating memory, and reject the
attribute if its size is over the maximum size.

Signed-off-by: default avatarHyunchul Lee <hyc.lee@gmail.com>
Signed-off-by: default avatarNamjae Jeon <linkinjeon@kernel.org>
parent ca513e49
+14 −0
@@ -29,6 +29,13 @@

__le16 AT_UNNAMED[] = { cpu_to_le16('\0') };

/*
 * Maximum size allowed for reading attributes by ntfs_attr_readall().
 * Extended attribute, reparse point are not expected to be larger than this size.
 */

#define NTFS_ATTR_READALL_MAX_SIZE	(64 * 1024)

/*
 * ntfs_map_runlist_nolock - map (a part of) a runlist of an ntfs inode
 * @ni:		ntfs inode for which to map (part of) a runlist
@@ -5117,6 +5124,13 @@ void *ntfs_attr_readall(struct ntfs_inode *ni, const __le32 type,
	}
	bmp_ni = NTFS_I(bmp_vi);

	if (bmp_ni->data_size > NTFS_ATTR_READALL_MAX_SIZE &&
		(bmp_ni->type != AT_BITMAP ||
		bmp_ni->data_size > ((ni->vol->nr_clusters + 7) >> 3))) {
		ntfs_error(sb, "Invalid attribute data size");
		goto out;
	}

	data = kvmalloc(bmp_ni->data_size, GFP_NOFS);
	if (!data)
		goto out;
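Review bot: The new guard in ntfs_attr_readall() bounds `bmp_ni->data_size` only from above, so a negative value would still reach `kvmalloc(bmp_ni->data_size, GFP_NOFS)`. The field's type is not visible in this hunk; if it is a signed 64-bit size taken from the on-disk attribute record, a corrupted or crafted image could carry a negative size that passes the `>` comparison and is then converted to a very large `size_t`. Consider rejecting that case in the same test by opening it with `if (bmp_ni->data_size < 0 || (bmp_ni->data_size > NTFS_ATTR_READALL_MAX_SIZE &&` and closing the extra parenthesis. The error message would also be easier to triage if it logged the attribute `type` and the rejected size, and the AT_BITMAP exception deserves a sentence in the comment above `NTFS_ATTR_READALL_MAX_SIZE`, which currently mentions only extended attributes and reparse points. The function body starts and ends outside the hunk, so what the `out` label returns to callers could not be checked.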