Made sure there is no null character in an attribute name (bis)

When copying an attribute name which contains a null, it is truncated and this may lead to accessing non-allocated bytes when relying on the expected name length. Such (illegal) names must therefore be rejected.
2021-11-05 08:41:20 +01:00 · 2021-11-05 08:41:20 +01:00 · 5ce8941bf4
parent 6efc1305c1
commit 5ce8941bf4
1 changed files with 13 additions and 2 deletions
--- a/libntfs-3g/attrib.c
+++ b/libntfs-3g/attrib.c
@ -452,8 +452,19 @@ ntfs_attr *ntfs_attr_open(ntfs_inode *ni, const ATTR_TYPES type,
 	
 	if (!name) {
 		if (a->name_length) {
-			name = ntfs_ucsndup((ntfschar*)((u8*)a + le16_to_cpu(
-					a->name_offset)), a->name_length);
+			ntfschar *attr_name;
+
+			attr_name = (ntfschar*)((u8*)a
+					+ le16_to_cpu(a->name_offset));
+			/* A null character leads to illegal memory access */
+			if (ntfs_ucsnlen(attr_name, a->name_length)
+						!= a->name_length) {
+				ntfs_log_error("Null character in attribute"
+					" name in inode %lld\n",
+					(long long)ni->mft_no);
+				goto put_err_out;
+			}
+			name = ntfs_ucsndup(attr_name, a->name_length);
 			if (!name)
 				goto put_err_out;
 			newname = name;