authorSudhakar Kuppusamy <sudhakar@linux.ibm.com>2022-04-06 18:17:43 +0530
committerDaniel Kiper <daniel.kiper@oracle.com>2022-06-07 16:39:33 +0200
commite40b83335bb33d9a2d1c06cc269875b3b3d6c539 (patch)
tree00d91bb3de8b21ce5d93e49d5f9bd34df4aabf21
parentdeae293f399dde3773cf37dfa9b77ca7e04ef772 (diff)
fs/f2fs: Do not copy file names that are too long
A corrupt f2fs file system might specify a name length which is greater than the maximum name length supported by the GRUB f2fs driver. We will allocate enough memory to store the overly long name, but there are only F2FS_NAME_LEN bytes in the source, so we would read past the end of the source. While checking directory entries, do not copy a file name with an invalid length. Signed-off-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com> Signed-off-by: Daniel Axtens <dja@axtens.net> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-rw-r--r--grub-core/fs/f2fs.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c
index 8898b235e..df6beb544 100644
--- a/grub-core/fs/f2fs.c
+++ b/grub-core/fs/f2fs.c
@@ -1003,6 +1003,10 @@ grub_f2fs_check_dentries (struct grub_f2fs_dir_iter_ctx *ctx)
ftype = ctx->dentry[i].file_type;
name_len = grub_le_to_cpu16 (ctx->dentry[i].name_len);
+
+ if (name_len >= F2FS_NAME_LEN)
+ return 0;
+
filename = grub_malloc (name_len + 1);
if (!filename)
return 0;
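Review bot: The added guard `if (name_len >= F2FS_NAME_LEN)` bounds the on-disk length only against the driver-wide maximum, so whether the later copy for entry `i` stays inside the directory block still depends on how much name space remains after that entry. That is not visible here, since grub_f2fs_check_dentries starts and ends outside the hunk, so it is worth confirming that a per-entry bound exists before the copy. The `>=` also rejects a name of exactly F2FS_NAME_LEN bytes, although the commit message says the source holds F2FS_NAME_LEN bytes; if that length is legal on disk, `if (name_len > F2FS_NAME_LEN)` is the matching test, and if the stricter form is deliberate a short comment should say why. The new `return 0;` also ends the walk without recording that the file system is corrupt, so I would set an error first, e.g. `grub_error (GRUB_ERR_BAD_FS, "invalid f2fs name length");`, after checking how the caller treats a zero return.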