fs/ntfs: Fix an OOB read when parsing bitmaps for index attributes

This fix introduces checks to ensure that bitmaps for directory indices
are never read beyond their actual sizes.

The lack of this check is a minor issue, likely not exploitable in any way.

Reported-by: Maxim Suhanov <dfirblog@gmail.com>
Signed-off-by: Maxim Suhanov <dfirblog@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Maxim Suhanov 2023-08-28 16:33:44 +03:00 committed by Daniel Kiper
parent 7e5f031a6a
commit 7a5a116739


@ -843,6 +843,25 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir,
if (is_resident)
{
if (bitmap_len > (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))
{
grub_error (GRUB_ERR_BAD_FS, "resident bitmap too large");
goto done;
}
if (cur_pos >= at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))
{
grub_error (GRUB_ERR_BAD_FS, "resident bitmap out of range");
goto done;
}
if (u16at (cur_pos, 0x14) + u32at (cur_pos, 0x10) >
(grub_addr_t) at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR) - (grub_addr_t) cur_pos)
{
grub_error (GRUB_ERR_BAD_FS, "resident bitmap out of range");
goto done;
}
grub_memcpy (bmp, cur_pos + u16at (cur_pos, 0x14),
bitmap_len);
}
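Review bot: The second check only guarantees that `cur_pos` lies below the end of the MFT record buffer, yet the third check then reads header fields through `u16at (cur_pos, 0x14)` and `u32at (cur_pos, 0x10)`, and those reads can still land past the end when `cur_pos` sits within the last 0x17 bytes of the record. Requiring room for the resident attribute header first would close that gap, e.g. `if ((grub_addr_t) cur_pos + 0x18 > (grub_addr_t) at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))` in place of the `>=` comparison. The third check also bounds `u32at (cur_pos, 0x10)` while `grub_memcpy` copies `bitmap_len`; `bitmap_len` is assigned outside this hunk, so if the two are meant to be the same value, using `bitmap_len` in the comparison would make that explicit and stop the 32-bit sum from relying on the first check to avoid wrap-around. `grub_ntfs_iterate_dir` starts and ends outside the hunk, so these points assume nothing earlier in the function already validates the attribute header.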