Unverified Commit fc499245 authored by Konstantin Komarov's avatar Konstantin Komarov
Browse files

fs/ntfs3: Add null pointer checks 



Added null pointer checks in function ntfs_security_init.
Also added le32_to_cpu in functions ntfs_security_init and indx_read.

Signed-off-by: default avatarKonstantin Komarov <almaz.alexandrovich@paragon-software.com>
parent e479f0a6

fs/ntfs3/fsntfs.c

+10 −6
Original line number Diff line number Diff line
@@ -1876,10 +1876,12 @@ int ntfs_security_init(struct ntfs_sb_info *sbi) 
		goto out;

	}



	root_sdh = resident_data_ex(attr, sizeof(struct INDEX_ROOT));

	if (root_sdh->type != ATTR_ZERO ||

	if(!(root_sdh = resident_data_ex(attr, sizeof(struct INDEX_ROOT))) ||

	    root_sdh->type != ATTR_ZERO ||

	    root_sdh->rule != NTFS_COLLATION_TYPE_SECURITY_HASH ||

	    offsetof(struct INDEX_ROOT, ihdr) + root_sdh->ihdr.used > attr->res.data_size) {

	    offsetof(struct INDEX_ROOT, ihdr) +

			le32_to_cpu(root_sdh->ihdr.used) >

			le32_to_cpu(attr->res.data_size)) {

		err = -EINVAL;

		goto out;

	}
@@ -1895,10 +1897,12 @@ int ntfs_security_init(struct ntfs_sb_info *sbi) 
		goto out;

	}



	root_sii = resident_data_ex(attr, sizeof(struct INDEX_ROOT));

	if (root_sii->type != ATTR_ZERO ||

	if(!(root_sii = resident_data_ex(attr, sizeof(struct INDEX_ROOT))) ||

	    root_sii->type != ATTR_ZERO ||

	    root_sii->rule != NTFS_COLLATION_TYPE_UINT ||

	    offsetof(struct INDEX_ROOT, ihdr) + root_sii->ihdr.used > attr->res.data_size) {

	    offsetof(struct INDEX_ROOT, ihdr) +

			le32_to_cpu(root_sii->ihdr.used) >

			le32_to_cpu(attr->res.data_size)) {

		err = -EINVAL;

		goto out;

	}

fs/ntfs3/index.c

+2 −1
Original line number Diff line number Diff line
@@ -1102,7 +1102,8 @@ int indx_read(struct ntfs_index *indx, struct ntfs_inode *ni, CLST vbn, 
	}



	/* check for index header length */

	if (offsetof(struct INDEX_BUFFER, ihdr) + ib->ihdr.used > bytes) {

	if (offsetof(struct INDEX_BUFFER, ihdr) + le32_to_cpu(ib->ihdr.used) >

	    bytes) {

		err = -EINVAL;

		goto out;

	}