diff options
| author | DaeMyung Kang <charsyam@gmail.com> | 2026-06-08 18:49:14 +0300 |
|---|---|---|
| committer | Namjae Jeon <linkinjeon@kernel.org> | 2026-06-09 15:50:55 +0300 |
| commit | 097cdfd0a55df5af82c9753833f39a8bfadbcfcb (patch) | |
| tree | ba13fa1b17cacc6f5eb6d23b531c139cf52fef6d | |
| parent | 390936fb15053d8d8991ca3a22776e251a5a7f2f (diff) | |
| download | linux-097cdfd0a55df5af82c9753833f39a8bfadbcfcb.tar.xz | |
ntfs: reject non-resident records for resident-only attributes
The shared lookup-time attribute validator rejects non-resident
$FILE_NAME and $VOLUME_NAME records because their formats require
resident values and callers handle returned records as resident
attributes. Other resident-only attribute types still pass through the
generic non-resident mapping-pairs checks.
That leaves real resident/non-resident union confusion paths. Inode load
looks up $STANDARD_INFORMATION and then reads data.resident.value_offset
without checking a->non_resident. ntfs_inode_sync_standard_information()
does the same when updating the standard information value.
ntfs_write_volume_flags() also looks up $VOLUME_INFORMATION and reads
data.resident.value_offset directly. $INDEX_ROOT callers in dir.c and
index.c depend on the same lookup contract before consuming the resident
index root value.
Reject non-resident records for all resident-only attribute types in the
shared validator. Keep the existing $FILE_NAME and $VOLUME_NAME behavior,
but factor it through a helper and extend it to
$STANDARD_INFORMATION, $OBJECT_ID, $VOLUME_INFORMATION, $INDEX_ROOT, and
$EA_INFORMATION. For $OBJECT_ID and $EA_INFORMATION this is contract
hardening for resident-only formats; this patch only rejects the
non-resident form and does not add new resident value validation for
those types.
Cc: stable@vger.kernel.org # v7.1
Signed-off-by: DaeMyung Kang <charsyam@gmail.com>
Reviewed-by: Hyunchul Lee <hyc.lee@gmail.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
| -rw-r--r-- | fs/ntfs/attrib.c | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/fs/ntfs/attrib.c b/fs/ntfs/attrib.c index 1e0076ef81ef..1cd6664567ce 100644 --- a/fs/ntfs/attrib.c +++ b/fs/ntfs/attrib.c @@ -596,6 +596,22 @@ static u32 ntfs_resident_attr_min_value_length(const __le32 type) } } +static bool ntfs_attr_type_is_resident_only(const __le32 type) +{ + switch (type) { + case AT_STANDARD_INFORMATION: + case AT_FILE_NAME: + case AT_OBJECT_ID: + case AT_VOLUME_NAME: + case AT_VOLUME_INFORMATION: + case AT_INDEX_ROOT: + case AT_EA_INFORMATION: + return true; + default: + return false; + } +} + static bool ntfs_file_name_attr_value_is_valid(const u8 *value, const u32 value_length) { const struct file_name_attr *fn; @@ -666,7 +682,7 @@ static bool ntfs_attr_value_is_valid(struct ntfs_volume *vol, u32 min_len; if (a->non_resident) { - if (a->type == AT_FILE_NAME || a->type == AT_VOLUME_NAME) + if (ntfs_attr_type_is_resident_only(a->type)) goto corrupt; if (!ntfs_non_resident_attr_value_is_valid(a)) goto corrupt; |