authorHyunchul Lee <hyc.lee@gmail.com>2026-04-03 04:10:39 +0300
committerNamjae Jeon <linkinjeon@kernel.org>2026-04-18 05:33:02 +0300
commit0b79de3299079e4132972ab5e04136c770e38038 (patch)
tree457c35ea593bd6cce3d9e8add38a089c7a7599ec
parentca513e492fb8ac59f5e3092a79d836cd2e687a2a (diff)
downloadlinux-0b79de3299079e4132972ab5e04136c770e38038.tar.xz
ntfs: limit memory allocation in ntfs_attr_readall
Check the attribute size before allocating memory, and reject the attribute if its size exceeds the maximum. Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
-rw-r--r--fs/ntfs/attrib.c14
1 files changed, 14 insertions, 0 deletions
diff --git a/fs/ntfs/attrib.c b/fs/ntfs/attrib.c
index 78915c1d5128..e8cc74c9c9a7 100644
--- a/fs/ntfs/attrib.c
+++ b/fs/ntfs/attrib.c
@@ -30,6 +30,13 @@
__le16 AT_UNNAMED[] = { cpu_to_le16('\0') };
/*
+ * Maximum size allowed for reading attributes by ntfs_attr_readall().
+ * Extended attribute, reparse point are not expected to be larger than this size.
+ */
+
+#define NTFS_ATTR_READALL_MAX_SIZE (64 * 1024)
+
+/*
* ntfs_map_runlist_nolock - map (a part of) a runlist of an ntfs inode
* @ni: ntfs inode for which to map (part of) a runlist
* @vcn: map runlist part containing this vcn
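Review bot: The comment on `NTFS_ATTR_READALL_MAX_SIZE` describes a single cap, but the check this commit adds in ntfs_attr_readall() lets `AT_BITMAP` attributes exceed it, up to `(nr_clusters + 7) >> 3` bytes. I would record that exception next to the constant, for example `* AT_BITMAP attributes may exceed this; they are bounded by the volume's cluster count instead.` The blank line between the comment and the `#define` also detaches the two and could be dropped.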
@@ -5117,6 +5124,13 @@ void *ntfs_attr_readall(struct ntfs_inode *ni, const __le32 type,
}
bmp_ni = NTFS_I(bmp_vi);
+ if (bmp_ni->data_size > NTFS_ATTR_READALL_MAX_SIZE &&
+ (bmp_ni->type != AT_BITMAP ||
+ bmp_ni->data_size > ((ni->vol->nr_clusters + 7) >> 3))) {
+ ntfs_error(sb, "Invalid attribute data size");
+ goto out;
+ }
+
data = kvmalloc(bmp_ni->data_size, GFP_NOFS);
if (!data)
goto out;
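Review bot: The new guard before `kvmalloc()` only rejects sizes above the cap, so if `data_size` is a signed 64-bit field (its declaration is not visible in this hunk), a negative value from a corrupted image still passes and becomes a very large `size_t` at the allocation call. Rejecting it explicitly would close that gap, e.g. start the condition with `if (bmp_ni->data_size < 0 ||` and wrap the existing test in parentheses after it. For `AT_BITMAP` the limit is `ni->vol->nr_clusters`, which presumably comes from on-disk metadata, so for that type the allocation is still as large as the image claims; it may be worth a hard ceiling there too. The error message would be easier to triage if it included the attribute type and the offending size. The body of ntfs_attr_readall() starts and ends outside this hunk, so what the `out` path returns cannot be checked from here.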