Blame SOURCES/0258-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch

1c6ba0
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
1c6ba0
From: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
1c6ba0
Date: Wed, 6 Apr 2022 18:17:43 +0530
1c6ba0
Subject: [PATCH] fs/f2fs: Do not copy file names that are too long
1c6ba0
1c6ba0
A corrupt f2fs file system might specify a name length which is greater
1c6ba0
than the maximum name length supported by the GRUB f2fs driver.
1c6ba0
1c6ba0
We will allocate enough memory to store the overly long name, but there
1c6ba0
are only F2FS_NAME_LEN bytes in the source, so we would read past the end
1c6ba0
of the source.
1c6ba0
1c6ba0
While checking directory entries, do not copy a file name with an invalid
1c6ba0
length.
1c6ba0
1c6ba0
Signed-off-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
1c6ba0
Signed-off-by: Daniel Axtens <dja@axtens.net>
1c6ba0
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
1c6ba0
(cherry picked from commit 9a891f638509e031d322c94e3cbcf38d36f3993a)
1c6ba0
(cherry picked from commit 13f9160ae0d2806baed459884999356817096cd7)
1c6ba0
---
1c6ba0
 grub-core/fs/f2fs.c | 4 ++++
1c6ba0
 1 file changed, 4 insertions(+)
1c6ba0
1c6ba0
diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c
1c6ba0
index 8898b235e0..df6beb544c 100644
1c6ba0
--- a/grub-core/fs/f2fs.c
1c6ba0
+++ b/grub-core/fs/f2fs.c
1c6ba0
@@ -1003,6 +1003,10 @@ grub_f2fs_check_dentries (struct grub_f2fs_dir_iter_ctx *ctx)
1c6ba0
 
1c6ba0
       ftype = ctx->dentry[i].file_type;
1c6ba0
       name_len = grub_le_to_cpu16 (ctx->dentry[i].name_len);
1c6ba0
+
1c6ba0
+      if (name_len >= F2FS_NAME_LEN)
1c6ba0
+        return 0;
1c6ba0
+
1c6ba0
       filename = grub_malloc (name_len + 1);
1c6ba0
       if (!filename)
1c6ba0
         return 0;