exfat: check if filename entries exceeds max filename length
stable inclusion from stable-v5.10.190 commit 381f7df0f3c3bd7dceb3e2b2b64c2f6247e2ac19 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I7TLII CVE: CVE-2023-4273 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=381f7df0f3c3bd7dceb3e2b2b64c2f6247e2ac19 --------------------------- [ Upstream commit d4233457 ] exfat_extract_uni_name copies characters from a given file name entry into the 'uniname' variable. This variable is actually defined on the stack of the exfat_readdir() function. According to the definition of the 'exfat_uni_name' type, the file name should be limited 255 characters (+ null teminator space), but the exfat_get_uniname_from_ext_entry() function can write more characters because there is no check if filename entries exceeds max filename length. This patch add the check not to copy filename characters when exceeding max filename length. Cc: stable@vger.kernel.org Cc: Yuezhang Mo <Yuezhang.Mo@sony.com> Reported-by:Maxim Suhanov <dfirblog@gmail.com> Reviewed-by:
Loading
Please sign in to comment