opengnsys
/
ntfs-3g
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixed consistency check of MFT attributes in ntfsfix 

The consistency check could be defeated as a consequence of integer overflow.
Reorganize it to avoid such situations.
edge.strict_endians^2
Jean-Pierre André 2021-07-12 08:31:17 +02:00
parent fc295da55e
commit f3999a74c6
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
ntfsprogs/ntfsfix.c
View File

@ -780,16 +780,19 @@ static ATTR_RECORD *find_unnamed_attr(MFT_RECORD *mrec, ATTR_TYPES type)
{
ATTR_RECORD *a;
u32 offset;
s32 space;
/* fetch the requested attribute */
offset = le16_to_cpu(mrec->attrs_offset);
space = le32_to_cpu(mrec->bytes_in_use) - offset;
a = (ATTR_RECORD*)((char*)mrec + offset);
while (((offset + le32_to_cpu(a->length))
< le32_to_cpu(mrec->bytes_in_use))
&& !(le32_to_cpu(a->length) & 7)
while ((space >= (s32)offsetof(ATTR_RECORD, resident_end))
&& (a->type != AT_END)
&& (le32_to_cpu(a->length) <= (u32)space)
&& !(le32_to_cpu(a->length) & 7)
&& ((a->type != type) || a->name_length)) {
offset += le32_to_cpu(a->length);
space -= le32_to_cpu(a->length);
a = (ATTR_RECORD*)((char*)mrec + offset);
}
if ((offset >= le32_to_cpu(mrec->bytes_in_use))