tablet/grub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fs/ntfs: Correct next_attribute validation

Browse Source 
Improved ad-hoc fuzzing coverage revealed a possible access violation
around line 342 of grub-core/fs/ntfs.c when accessing the attr_cur
pointer due to possibility of moving pointer "next" beyond of the end of
the valid buffer inside next_attribute. Prevent this for cases where
full attribute validation is not performed (such as on attribute lists)
by performing a sanity check on the newly calculated next pointer.

Fixes: 06914b614 (fs/ntfs: Correct attribute vs attribute list validation)

Signed-off-by: Andrew Hamilton <adhamilt@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This commit is contained in:
Andrew Hamilton 2025-06-01 10:52:22 -05:00 committed by Daniel Kiper
parent 5ff9c43cfe
commit 000e48b42c
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
grub-core/fs/ntfs.c
View File

@ -233,7 +233,12 @@ next_attribute (grub_uint8_t *curr_attribute, void *end, bool validate)
return NULL; return NULL;
next += u16at (curr_attribute, 4); next += u16at (curr_attribute, 4);
if (validate && validate_attribute (next, end) == false) if (validate)
{
if (validate_attribute (next, end) == false)
return NULL;
}
else if (next >= (grub_uint8_t *) end)
return NULL; return NULL;
return next; return next;