From e70d10d8488d3dea835d0bd85e16e567af23cd82 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?=
Date: Mon, 19 Jul 2021 09:23:23 +0200
Subject: [PATCH] Added a check of the minimal length of some attributes

The minimal lengths of STANDARD_ATTRIBUTE and OBJECT_ID were not checked and could lead to out-of-buffer access.
---
 libntfs-3g/attrib.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/libntfs-3g/attrib.c b/libntfs-3g/attrib.c
index 1c748544..628fa819 100644
--- a/libntfs-3g/attrib.c
+++ b/libntfs-3g/attrib.c
@@ -3492,7 +3492,28 @@ int ntfs_attr_consistent(const ATTR_RECORD *a, const MFT_REF mref)
 }
 break;
 case AT_STANDARD_INFORMATION :
+ if (a->non_resident
+ || (le32_to_cpu(a->value_length)
+ < offsetof(STANDARD_INFORMATION,
+ v1_end))) {
+ ntfs_log_error("Corrupt standard information"
+ " in MFT record %lld\n",
+ (long long)inum);
+ errno = EIO;
+ ret = -1;
+ }
+ break;
 case AT_OBJECT_ID :
+ if (a->non_resident
+ || (le32_to_cpu(a->value_length)
+ < sizeof(GUID))) {
+ ntfs_log_error("Corrupt object id"
+ " in MFT record %lld\n",
+ (long long)inum);
+ errno = EIO;
+ ret = -1;
+ }
+ break;
 case AT_VOLUME_NAME :
 case AT_EA_INFORMATION :
 if (a->non_resident) {
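Review bot: The lower bound in the `AT_STANDARD_INFORMATION` case is `offsetof(STANDARD_INFORMATION, v1_end)`, so a record that passes is only guaranteed to hold the fields before `v1_end`. Judging by that field name there is a longer layout as well, and any code that reads fields past `v1_end` still has to compare `value_length` itself. A comment above the check would make that contract explicit, e.g. `/* guarantees only the fields before v1_end; readers of later fields must check value_length */`. Both new checks bound `value_length` from below only; whether `value_offset + value_length` is kept inside the attribute record is not visible here, because ntfs_attr_consistent starts before and continues after this hunk, so that should be confirmed in the rest of the function.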