Google Git
Sign in
kernel / pub / scm / linux / kernel / git / akpm / 25-new / 63f373f73ce6ffea62c9dd03309a96bdebff7ff0 / . / patches / old / ntfs-fix-use-after-free-in-ntfs_ucsncmp-v3.patch
blob: d5ce4eeab85a0045572d43e6722f97ae0a990575 [file] [log] [blame]
From: ChenXiaoSong <chenxiaosong2@huawei.com>
Subject: ntfs-fix-use-after-free-in-ntfs_ucsncmp-v3
Date: Sat, 9 Jul 2022 14:45:11 +0800
Cleanup suggested by Hawkins Jiawei
Link: https://lkml.kernel.org/r/20220709064511.3304299-1-chenxiaosong2@huawei.com
Signed-off-by: ChenXiaoSong <chenxiaosong2@huawei.com>
Signed-off-by: Hawkins Jiawei <yin31149@gmail.com>
Cc: Anton Altaparmakov <anton@tuxera.com>
Cc: Yongqiang Liu <liuyongqiang13@huawei.com>
Cc: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Cc: Zhang Yi <yi.zhang@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
fs/ntfs/attrib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/ntfs/attrib.c~ntfs-fix-use-after-free-in-ntfs_ucsncmp-v3
+++ a/fs/ntfs/attrib.c
@@ -595,7 +595,7 @@ static int ntfs_attr_find(const ATTR_TYP
u8 *mrec_end = (u8 *)ctx->mrec +
le32_to_cpu(ctx->mrec->bytes_allocated);
u8 *name_end = (u8 *)a + le16_to_cpu(a->name_offset) +
- a->name_length;
+ a->name_length * sizeof(ntfschar);
if ((u8*)a < (u8*)ctx->mrec || (u8*)a > mrec_end ||
name_end > mrec_end)
break;
_