summaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorKonstantin Komarov <almaz.alexandrovich@paragon-software.com>2021-10-11 19:43:29 +0300
committerKonstantin Komarov <almaz.alexandrovich@paragon-software.com>2021-10-12 18:53:03 +0300
commit8607954cf255329d1c6dfc073ff1508b7585573c (patch)
tree353b2268ffe99bc471f4f5610b9bb5893c608f80 /fs
parent22b05f1ac0332cb47701649206997d8d9a1a7f24 (diff)
downloadlinux-stable-8607954cf255329d1c6dfc073ff1508b7585573c.tar.gz
linux-stable-8607954cf255329d1c6dfc073ff1508b7585573c.tar.bz2
linux-stable-8607954cf255329d1c6dfc073ff1508b7585573c.zip
fs/ntfs3: Check for NULL pointers in ni_try_remove_attr_list
Check for potential NULL pointers. Print error message if found. Thread, that leads to this commit: https://lore.kernel.org/ntfs3/227c13e3-5a22-0cba-41eb-fcaf41940711@paragon-software.com/ Reported-by: Mohammad Rasim <mohammad.rasim96@gmail.com> Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Diffstat (limited to 'fs')
-rw-r--r--fs/ntfs3/frecord.c23
1 files changed, 22 insertions, 1 deletions
diff --git a/fs/ntfs3/frecord.c b/fs/ntfs3/frecord.c
index ecb965e4afd0..6f47a9c17f89 100644
--- a/fs/ntfs3/frecord.c
+++ b/fs/ntfs3/frecord.c
@@ -705,18 +705,35 @@ static int ni_try_remove_attr_list(struct ntfs_inode *ni)
continue;
mi = ni_find_mi(ni, ino_get(&le->ref));
+ if (!mi) {
+ /* Should never happened, 'cause already checked. */
+ goto bad;
+ }
attr = mi_find_attr(mi, NULL, le->type, le_name(le),
le->name_len, &le->id);
+ if (!attr) {
+ /* Should never happened, 'cause already checked. */
+ goto bad;
+ }
asize = le32_to_cpu(attr->size);
/* Insert into primary record. */
attr_ins = mi_insert_attr(&ni->mi, le->type, le_name(le),
le->name_len, asize,
le16_to_cpu(attr->name_off));
- id = attr_ins->id;
+ if (!attr_ins) {
+ /*
+ * Internal error.
+ * Either no space in primary record (already checked).
+ * Either tried to insert another
+ * non indexed attribute (logic error).
+ */
+ goto bad;
+ }
/* Copy all except id. */
+ id = attr_ins->id;
memcpy(attr_ins, attr, asize);
attr_ins->id = id;
@@ -732,6 +749,10 @@ static int ni_try_remove_attr_list(struct ntfs_inode *ni)
ni->attr_list.dirty = false;
return 0;
+bad:
+ ntfs_inode_err(&ni->vfs_inode, "Internal error");
+ make_bad_inode(&ni->vfs_inode);
+ return -EINVAL;
}
/*