From 4e09b252af7ca75a278b33e5aab019f4c5c76fd8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= Date: Mon, 12 Jul 2021 08:31:17 +0200 Subject: [PATCH] Checked name limits while looking up for an external attribute Make sure the name of an attribute does not overflow beyond the attribute length. --- libntfs-3g/attrib.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/libntfs-3g/attrib.c b/libntfs-3g/attrib.c index 6fbb9a18..83a2d603 100644 --- a/libntfs-3g/attrib.c +++ b/libntfs-3g/attrib.c @@ -2835,6 +2835,16 @@ static int ntfs_attr_find(const ATTR_TYPES type, const ntfschar *name, } } else { register int rc; + + if (a->name_length + && ((le16_to_cpu(a->name_offset) + + a->name_length * sizeof(ntfschar)) + > le32_to_cpu(a->length))) { + ntfs_log_error("Corrupt attribute name" + " in MFT record %lld\n", + (long long)ctx->ntfs_ino->mft_no); + break; + } if (name && ((rc = ntfs_names_full_collate(name, name_len, (ntfschar*)((char*)a + le16_to_cpu(a->name_offset)),
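Review bot: The new bound in the `else` branch is measured against `a->length`, which is read from the same on-disk attribute record as `name_offset` and `name_length`, so the check only protects the following `ntfs_names_full_collate()` call if `a->length` has already been confirmed to fit inside the MFT record buffer. That validation is not visible in this hunk (the loop in ntfs_attr_find starts and ends outside it); if it is missing, an oversized `length` lets the name range pass here while still lying beyond the record. Separately, the added log call dereferences `ctx->ntfs_ino` unconditionally on the corrupt-data path. If a search context can exist without an inode attached, guard it, e.g. `ctx->ntfs_ino ? (long long)ctx->ntfs_ino->mft_no : -1LL`.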