Blame SOURCES/0536-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch

b9d01e
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
b9d01e
From: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
b9d01e
Date: Wed, 6 Apr 2022 18:17:43 +0530
b9d01e
Subject: [PATCH] fs/f2fs: Do not copy file names that are too long
b9d01e
b9d01e
A corrupt f2fs file system might specify a name length which is greater
b9d01e
than the maximum name length supported by the GRUB f2fs driver.
b9d01e
b9d01e
We will allocate enough memory to store the overly long name, but there
b9d01e
are only F2FS_NAME_LEN bytes in the source, so we would read past the end
b9d01e
of the source.
b9d01e
b9d01e
While checking directory entries, do not copy a file name with an invalid
b9d01e
length.
b9d01e
b9d01e
Signed-off-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
b9d01e
Signed-off-by: Daniel Axtens <dja@axtens.net>
b9d01e
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
b9d01e
(cherry picked from commit 9a891f638509e031d322c94e3cbcf38d36f3993a)
b9d01e
(cherry picked from commit 13f9160ae0d2806baed459884999356817096cd7)
b9d01e
(cherry picked from commit a48ba4d48b3c66431e6bbeb386078efc6602110c)
b9d01e
---
b9d01e
 grub-core/fs/f2fs.c | 4 ++++
b9d01e
 1 file changed, 4 insertions(+)
b9d01e
b9d01e
diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c
b9d01e
index 33e565b180..07ea34196c 100644
b9d01e
--- a/grub-core/fs/f2fs.c
b9d01e
+++ b/grub-core/fs/f2fs.c
b9d01e
@@ -998,6 +998,10 @@ grub_f2fs_check_dentries (struct grub_f2fs_dir_iter_ctx *ctx)
b9d01e
 
b9d01e
       ftype = ctx->dentry[i].file_type;
b9d01e
       name_len = grub_le_to_cpu16 (ctx->dentry[i].name_len);
b9d01e
+
b9d01e
+      if (name_len >= F2FS_NAME_LEN)
b9d01e
+        return 0;
b9d01e
+
b9d01e
       filename = grub_malloc (name_len + 1);
b9d01e
       if (!filename)
b9d01e
         return 0;