Added a check of the minimal length of some attributes

The minimal lengths of STANDARD_ATTRIBUTE and OBJECT_ID were not checked and could lead to out-of-buffer access.
2021-07-19 09:23:23 +02:00 · 2021-07-19 09:23:23 +02:00 · e70d10d848
parent 2bf5077804
commit e70d10d848
1 changed files with 21 additions and 0 deletions
--- a/libntfs-3g/attrib.c
+++ b/libntfs-3g/attrib.c
@ -3492,7 +3492,28 @@ int ntfs_attr_consistent(const ATTR_RECORD *a, const MFT_REF mref)
 			}
 			break;
 		case AT_STANDARD_INFORMATION :
+			if (a->non_resident
+			    || (le32_to_cpu(a->value_length)
+					< offsetof(STANDARD_INFORMATION,
+							v1_end))) {
+				ntfs_log_error("Corrupt standard information"
+					" in MFT record %lld\n",
+					(long long)inum);
+				errno = EIO;
+				ret = -1;
+			}
+			break;
 		case AT_OBJECT_ID :
+			if (a->non_resident
+			    || (le32_to_cpu(a->value_length)
+					< sizeof(GUID))) {
+				ntfs_log_error("Corrupt object id"
+					" in MFT record %lld\n",
+					(long long)inum);
+				errno = EIO;
+				ret = -1;
+			}
+			break;
 		case AT_VOLUME_NAME :
 		case AT_EA_INFORMATION :
 			if (a->non_resident) {