From 68ead9b8fc5b1d466fca7ef4c487b8d5b8996d58 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?=
Date: Mon, 12 Jul 2021 08:31:18 +0200
Subject: [PATCH] Checked expanded attribute does not overflow the space in use

When resizing an attribute, make sure the trailing data is moved in the correct direction.
---
 libntfs-3g/attrib.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/libntfs-3g/attrib.c b/libntfs-3g/attrib.c
index caf0f4a0..387ccde5 100644
--- a/libntfs-3g/attrib.c
+++ b/libntfs-3g/attrib.c
@@ -4635,6 +4635,13 @@ int ntfs_attr_record_resize(MFT_RECORD *m, ATTR_RECORD *a, u32 new_size)
 }
 /* Move attributes following @a to their new location. */
+ if (((u8 *)m + old_size) < ((u8 *)a + attr_size)) {
+ ntfs_log_error("Attribute 0x%x overflows"
+ " from MFT record\n",
+ (int)le32_to_cpu(a->type));
+ errno = EIO;
+ return (-1);
+ }
 memmove((u8 *)a + new_size, (u8 *)a + attr_size, old_size - ((u8 *)a - (u8 *)m) - attr_size);
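Review bot: The new guard in `ntfs_attr_record_resize` compares two computed pointers, `(u8 *)m + old_size` and `(u8 *)a + attr_size`, so an oversized `attr_size` makes `(u8 *)a + attr_size` point outside the record buffer, which is undefined behaviour and on 32-bit builds can wrap and satisfy the comparison. `attr_size` and `old_size` are assigned outside the hunk (the function body starts and ends beyond it), presumably from the on-disk attribute length and `bytes_in_use`, so they should be treated as untrusted. Comparing byte offsets keeps the arithmetic in integers and mirrors the `memmove` length that follows: `if (attr_size > old_size - (u32)((u8 *)a - (u8 *)m)) {`, which is valid provided `a` is already known to lie within the first `old_size` bytes of `m` (not visible here). The existing "Move attributes" comment now sits above the check rather than the `memmove`, so I would also add above the guard `/* Reject an attribute ending beyond the bytes in use, else the memmove length underflows. */`.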