Konstantin Komarov (2): fs/ntfs3: Fix NULL pointer dereference on error in attr_allocate_frame() fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame()
fs/ntfs3/attrib.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-)
From: Konstantin Komarov almaz.alexandrovich@paragon-software.com
mainline inclusion from mainline-v6.6-rc7 commit 9c689c8dc86f8ca99bf91c05f24c8bab38fe7d5f category: bugfix bugzilla: 189772 CVE: CVE-2023-52641
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
Signed-off-by: Konstantin Komarov almaz.alexandrovich@paragon-software.com Signed-off-by: ZhaoLong Wang wangzhaolong1@huawei.com --- fs/ntfs3/attrib.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/fs/ntfs3/attrib.c b/fs/ntfs3/attrib.c index 3efab0fc8fc0..72ee29851696 100644 --- a/fs/ntfs3/attrib.c +++ b/fs/ntfs3/attrib.c @@ -1578,10 +1578,8 @@ int attr_allocate_frame(struct ntfs_inode *ni, CLST frame, size_t compr_size, le_b = NULL; attr_b = ni_find_attr(ni, NULL, &le_b, ATTR_DATA, NULL, 0, NULL, &mi_b); - if (!attr_b) { - err = -ENOENT; - goto out; - } + if (!attr_b) + return -ENOENT;
attr = attr_b; le = le_b;
From: Konstantin Komarov almaz.alexandrovich@paragon-software.com
mainline inclusion from mainline-v6.8-rc4 commit aaab47f204aaf47838241d57bf8662c8840de60a category: bugfix bugzilla: 189772 CVE: CVE-2023-52641
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
It is preferable to exit through the out: label because internal debugging functions are located there.
Signed-off-by: Konstantin Komarov almaz.alexandrovich@paragon-software.com Signed-off-by: ZhaoLong Wang wangzhaolong1@huawei.com --- fs/ntfs3/attrib.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/fs/ntfs3/attrib.c b/fs/ntfs3/attrib.c index 72ee29851696..68c99529f1d2 100644 --- a/fs/ntfs3/attrib.c +++ b/fs/ntfs3/attrib.c @@ -1578,8 +1578,10 @@ int attr_allocate_frame(struct ntfs_inode *ni, CLST frame, size_t compr_size, le_b = NULL; attr_b = ni_find_attr(ni, NULL, &le_b, ATTR_DATA, NULL, 0, NULL, &mi_b); - if (!attr_b) - return -ENOENT; + if (!attr_b) { + err = -ENOENT; + goto out; + }
attr = attr_b; le = le_b; @@ -1660,13 +1662,15 @@ int attr_allocate_frame(struct ntfs_inode *ni, CLST frame, size_t compr_size, ok: run_truncate_around(run, vcn); out: - if (new_valid > data_size) - new_valid = data_size; + if (attr_b) { + if (new_valid > data_size) + new_valid = data_size;
- valid_size = le64_to_cpu(attr_b->nres.valid_size); - if (new_valid != valid_size) { - attr_b->nres.valid_size = cpu_to_le64(valid_size); - mi_b->dirty = true; + valid_size = le64_to_cpu(attr_b->nres.valid_size); + if (new_valid != valid_size) { + attr_b->nres.valid_size = cpu_to_le64(valid_size); + mi_b->dirty = true; + } }
return err;
反馈: 您发送到kernel@openeuler.org的补丁/补丁集,已成功转换为PR! PR链接地址: https://gitee.com/openeuler/kernel/pulls/6211 邮件列表地址:https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/F...
FeedBack: The patch(es) which you have sent to kernel@openeuler.org mailing list has been converted to a pull request successfully! Pull request link: https://gitee.com/openeuler/kernel/pulls/6211 Mailing list address: https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/F...