From: Konstantin Komarov almaz.alexandrovich@paragon-software.com
[ Upstream commit 652cfeb43d6b9aba5c7c4902bed7a7340df131fb ]
Reported-by: Robert Morris rtm@csail.mit.edu
Signed-off-by: Konstantin Komarov almaz.alexandrovich@paragon-software.com
[Nikita: Fix for CVE-2024-27407 in 6.1.y. No changes were made to get it to apply to older branch.]
Signed-off-by: Nikita Zhandarovich n.zhandarovich@fintech.ru
---
 fs/ntfs3/record.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/ntfs3/record.c b/fs/ntfs3/record.c index 7ab452710572..826a756669a3 100644 --- a/fs/ntfs3/record.c +++ b/fs/ntfs3/record.c @@ -273,7 +273,7 @@ struct ATTRIB *mi_enum_attr(struct mft_inode *mi, struct ATTRIB *attr) if (t16 > asize) return NULL;
- if (t16 + le32_to_cpu(attr->res.data_size) > asize) + if (le32_to_cpu(attr->res.data_size) > asize - t16) return NULL;
if (attr->name_len &&
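Review bot: The new comparison in mi_enum_attr(), `le32_to_cpu(attr->res.data_size) > asize - t16`, is only correct because the preceding `if (t16 > asize) return NULL;` guarantees that `asize - t16` cannot underflow, and neither the code nor the commit message as shown here records that dependency. The message carries only trailers, so a reader of this backport has to infer that the old form `t16 + le32_to_cpu(attr->res.data_size) > asize` could wrap, since data_size is a 32-bit value read from disk, and so pass the bound with an oversized data_size. Please add a short comment above the rewritten line stating that the subtraction relies on the `t16 > asize` check and must stay after it, and add one sentence to the changelog describing the wraparound, so that a later reordering or cleanup of these two checks does not reintroduce the problem.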