[PATCH] fs/ntfs3: validate BOOT sectors_per_clusters

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



When the NTFS BOOT sectors_per_clusters field is > 0x80,
it represents a shift value. First change its sign to positive
and then make sure that the shift count is not too large.
This prevents negative shift values and shift values that are
larger than the field size.

Prevents this UBSAN error:

 UBSAN: shift-out-of-bounds in ../fs/ntfs3/super.c:673:16
 shift exponent -192 is negative

Fixes: 82cae269cfa9 ("fs/ntfs3: Add initialization of super block")
Signed-off-by: Randy Dunlap <rdunlap@xxxxxxxxxxxxx>
Reported-by: syzbot+1631f09646bc214d2e76@xxxxxxxxxxxxxxxxxxxxxxxxx
Cc: Konstantin Komarov <almaz.alexandrovich@xxxxxxxxxxxxxxxxxxxx>
Cc: ntfs3@xxxxxxxxxxxxxxx
Cc: Alexander Viro <viro@xxxxxxxxxxxxxxxxxx>
Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Cc: Kari Argillander <kari.argillander@xxxxxxxxxxxxxxxxxxxx>
Cc: Namjae Jeon <linkinjeon@xxxxxxxxxx>
---
 fs/ntfs3/super.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

--- linux-next-20220428.orig/fs/ntfs3/super.c
+++ linux-next-20220428/fs/ntfs3/super.c
@@ -670,7 +670,8 @@ static u32 true_sectors_per_clst(const s
 {
 	return boot->sectors_per_clusters <= 0x80
 		       ? boot->sectors_per_clusters
-		       : (1u << (0 - boot->sectors_per_clusters));
+		       : -(s8)boot->sectors_per_clusters > 31 ? -1
+		       : (1u << -(s8)boot->sectors_per_clusters);
 }
 
 /*
@@ -713,7 +714,7 @@ static int ntfs_init_from_boot(struct su
 
 	/* cluster size: 512, 1K, 2K, 4K, ... 2M */
 	sct_per_clst = true_sectors_per_clst(boot);
-	if (!is_power_of_2(sct_per_clst))
+	if ((int)sct_per_clst < 0 || !is_power_of_2(sct_per_clst))
 		goto out;
 
 	mlcn = le64_to_cpu(boot->mft_clst);



[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [NTFS 3]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [NTFS 3]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux