Commit 2d863611 authored by Jeongjun Park, committed by Namjae Jeon

exfat: fix out-of-bounds in exfat_nls_to_ucs2()



Since the len argument value passed to exfat_ioctl_set_volume_label()
from exfat_nls_to_utf16() is passed 1 too large, an out-of-bounds read
occurs when dereferencing p_cstring in exfat_nls_to_ucs2() later.

And because of the NLS_NAME_OVERLEN macro, another error occurs when
creating a file with a period at the end using utf8 and other iocharsets.

So to avoid this, you should remove the code that uses NLS_NAME_OVERLEN
macro and make the len argument value be the length of the label string,
but with a maximum length of FSLABEL_MAX - 1.

Reported-by: <syzbot+98cc76a76de46b3714d4@syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=98cc76a76de46b3714d4


Fixes: d01579d5 ("exfat: Add support for FS_IOC_{GET,SET}FSLABEL")
Suggested-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Jeongjun Park <aha310510@gmail.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
parent 82ebecdc