!778 [sync] PR-774: Backport CVEs and bugfixes (665edcec) · Commits · EulixOS / Software / Kernel

fs/ntfs3/attrib.c

+13 −0

Original line number	Diff line number	Diff line
		@@ -101,6 +101,10 @@ int attr_load_runs(struct ATTRIB attr, struct ntfs_inode ni,

		asize = le32_to_cpu(attr->size);
		run_off = le16_to_cpu(attr->nres.run_off);

		if (run_off > asize)
		return -EINVAL;

		err = run_unpack_ex(run, ni->mi.sbi, ni->mi.rno, svcn, evcn,
		vcn ? *vcn : svcn, Add2Ptr(attr, run_off),
		asize - run_off);
		@@ -1157,6 +1161,10 @@ int attr_load_runs_vcn(struct ntfs_inode *ni, enum ATTR_TYPE type,
		}

		ro = le16_to_cpu(attr->nres.run_off);

		if (ro > le32_to_cpu(attr->size))
		return -EINVAL;

		err = run_unpack_ex(run, ni->mi.sbi, ni->mi.rno, svcn, evcn, svcn,
		Add2Ptr(attr, ro), le32_to_cpu(attr->size) - ro);
		if (err < 0)
		@@ -1832,6 +1840,11 @@ int attr_collapse_range(struct ntfs_inode *ni, u64 vbo, u64 bytes)
		u16 le_sz;
		u16 roff = le16_to_cpu(attr->nres.run_off);

		if (roff > le32_to_cpu(attr->size)) {
		err = -EINVAL;
		goto out;
		}

		run_unpack_ex(RUN_DEALLOCATE, sbi, ni->mi.rno, svcn,
		evcn1 - 1, svcn, Add2Ptr(attr, roff),
		le32_to_cpu(attr->size) - roff);

+5 −0

Original line number	Diff line number	Diff line
		@@ -68,6 +68,11 @@ int ntfs_load_attr_list(struct ntfs_inode ni, struct ATTRIB attr)

		run_init(&ni->attr_list.run);

		if (run_off > le32_to_cpu(attr->size)) {
		err = -EINVAL;
		goto out;
		}

		err = run_unpack_ex(&ni->attr_list.run, ni->mi.sbi, ni->mi.rno,
		0, le64_to_cpu(attr->nres.evcn), 0,
		Add2Ptr(attr, run_off),

+14 −0

Original line number	Diff line number	Diff line
		@@ -567,6 +567,12 @@ static int ni_repack(struct ntfs_inode *ni)
		}

		roff = le16_to_cpu(attr->nres.run_off);

		if (roff > le32_to_cpu(attr->size)) {
		err = -EINVAL;
		break;
		}

		err = run_unpack(&run, sbi, ni->mi.rno, svcn, evcn, svcn,
		Add2Ptr(attr, roff),
		le32_to_cpu(attr->size) - roff);
		@@ -1541,6 +1547,9 @@ int ni_delete_all(struct ntfs_inode *ni)
		asize = le32_to_cpu(attr->size);
		roff = le16_to_cpu(attr->nres.run_off);

		if (roff > asize)
		return -EINVAL;

		/* run==1 means unpack and deallocate. */
		run_unpack_ex(RUN_DEALLOCATE, sbi, ni->mi.rno, svcn, evcn, svcn,
		Add2Ptr(attr, roff), asize - roff);
		@@ -2238,6 +2247,11 @@ int ni_decompress_file(struct ntfs_inode *ni)
		asize = le32_to_cpu(attr->size);
		roff = le16_to_cpu(attr->nres.run_off);

		if (roff > asize) {
		err = -EINVAL;
		goto out;
		}

		/run==1 Means unpack and deallocate. /
		run_unpack_ex(RUN_DEALLOCATE, sbi, ni->mi.rno, svcn, evcn, svcn,
		Add2Ptr(attr, roff), asize - roff);

+9 −0

Original line number	Diff line number	Diff line
		@@ -2727,6 +2727,9 @@ static inline bool check_attr(const struct MFT_REC *rec,
		return false;
		}

		if (run_off > asize)
		return false;

		if (run_unpack(NULL, sbi, 0, svcn, evcn, svcn,
		Add2Ptr(attr, run_off), asize - run_off) < 0) {
		return false;
		@@ -4767,6 +4770,12 @@ int log_replay(struct ntfs_inode ni, bool initialized)
		u16 roff = le16_to_cpu(attr->nres.run_off);
		CLST svcn = le64_to_cpu(attr->nres.svcn);

		if (roff > t32) {
		kfree(oa->attr);
		oa->attr = NULL;
		goto fake_attr;
		}

		err = run_unpack(&oa->run0, sbi, inode->i_ino, svcn,
		le64_to_cpu(attr->nres.evcn), svcn,
		Add2Ptr(attr, roff), t32 - roff);

+6 −0

Original line number	Diff line number	Diff line
		@@ -373,7 +373,13 @@ static struct inode ntfs_read_mft(struct inode inode,
		attr_unpack_run:
		roff = le16_to_cpu(attr->nres.run_off);

		if (roff > asize) {
		err = -EINVAL;
		goto out;
		}

		t64 = le64_to_cpu(attr->nres.svcn);

		err = run_unpack_ex(run, sbi, ino, t64, le64_to_cpu(attr->nres.evcn),
		t64, Add2Ptr(attr, roff), asize - roff);
		if (err < 0)