fs/ntfs3: Add sanity check for file name

[ Upstream commit e841ecb139339602bc1853f5f09daa5d1ea920a2 ] The length of the file name should be smaller than the directory entry size. Reported-by: syzbot+598057afa0f49e62bd23@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=598057afa0f49e62bd23 Signed-off-by: Lizhi Xu <lizhi.xu@windriver.com> Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
author: Lizhi Xu <lizhi.xu@windriver.com> 2025-06-06 13:16:16 +0800
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2025-08-20 18:30:21 +0200
commit: 2ac47f738ddfc1957a33be163bc97ee8f78e85a6 (patch)
tree: 62d01840e3d27d0fb82e5dff34186dda87bf40e7
parent: caf7f7c1a050774ca8b05d2c474fb09b1b5e78e4 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/fs/ntfs3/dir.c b/fs/ntfs3/dir.c
index b6da80c69ca6..600e66035c1b 100644
--- a/fs/ntfs3/dir.c
+++ b/fs/ntfs3/dir.c
@@ -304,6 +304,9 @@ static inline bool ntfs_dir_emit(struct ntfs_sb_info *sbi,
 	if (sbi->options->nohidden && (fname->dup.fa & FILE_ATTRIBUTE_HIDDEN))
 		return true;
 
+	if (fname->name_len + sizeof(struct NTFS_DE) > le16_to_cpu(e->size))
+		return true;
+
 	name_len = ntfs_utf16_to_nls(sbi, fname->name, fname->name_len, name,
 				     PATH_MAX);
 	if (name_len <= 0) {
author	Lizhi Xu <lizhi.xu@windriver.com>	2025-06-06 13:16:16 +0800
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2025-08-20 18:30:21 +0200
commit	2ac47f738ddfc1957a33be163bc97ee8f78e85a6 (patch)
tree	62d01840e3d27d0fb82e5dff34186dda87bf40e7
parent	caf7f7c1a050774ca8b05d2c474fb09b1b5e78e4 (diff)