From 838b6e35b43062353998853eab50cd0675201ed7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?=
Date: Tue, 21 Sep 2021 10:54:50 +0200
Subject: [PATCH] Made sure there is no null character in an attribute name
When copying an attribute name which contains a null, it is truncated and this may lead to accessing non-allocated bytes when relying on the expected name length. Such names must therefore be rejected.
---
 libntfs-3g/attrib.c | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/libntfs-3g/attrib.c b/libntfs-3g/attrib.c
index e8d6fafb..00bfca84 100644
--- a/libntfs-3g/attrib.c
+++ b/libntfs-3g/attrib.c
@@ -414,7 +414,15 @@ ntfs_attr *ntfs_attr_open(ntfs_inode *ni, const ATTR_TYPES type,
 na = ntfs_calloc(sizeof(ntfs_attr));
 if (!na)
 goto out;
+ if (!name_len)
+ name = (ntfschar*)NULL;
 if (name && name != AT_UNNAMED && name != NTFS_INDEX_I30) {
+ /* A null char leads to a short name and unallocated bytes */
+ if (ntfs_ucsnlen(name, name_len) != name_len) {
+ ntfs_log_error("Null character in attribute name"
+ " of inode %lld\n",(long long)ni->mft_no);
+ goto err_out;
+ }
 name = ntfs_ucsndup(name, name_len);
 if (!name)
 goto err_out;
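Review bot: The new rejection branch jumps to `err_out` without assigning errno in the visible lines, so unless the label (outside this hunk) sets it, callers of ntfs_attr_open() get NULL together with whatever errno an earlier call left behind. A caller that branches on errno after a NULL return could then mistake a malformed name for a different condition; setting it explicitly before the jump, for example `errno = EIO;` ahead of `goto err_out;` (or whichever code the project uses for corrupt metadata), would make the failure unambiguous. Separately, the added `if (!name_len) name = (ntfschar*)NULL;` runs before the sentinel test, so a caller passing `AT_UNNAMED` or `NTFS_INDEX_I30` with a zero length now continues with NULL instead of the sentinel; it is worth confirming that the lookup code further down treats NULL and `AT_UNNAMED` the same way, and adding a comment such as `/* zero length: no name to validate or copy */` to record the intent. ntfs_attr_open() starts and ends outside the hunk, so both points rest on code not shown here.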