File fsck-fix-out-of-bounds-write-in-read_file_dentry_set.patch of Package exfatprogs.31393

From ec78688e5fb5a70e13df82b4c0da1e6228d3ccdf Mon Sep 17 00:00:00 2001
From: Hyunchul Lee <hyc.lee@gmail.com>
Date: Wed, 25 Oct 2023 15:29:29 +0900
Subject: [PATCH] fsck: fix out-of-bounds write in read_file_dentry_set
References: bsc#1216701

if SecondaryCount is greater than (2 + the max number
of File Name entries), writing to memory outside
the node->name could happen.

Reported-by: Maxim Suhanov <dfirblog@gmail.com>
Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com>
Reviewed-by: Yuezhang Mo <Yuezhang.Mo@sony.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>

Index: exfatprogs-1.0.4/fsck/fsck.c
===================================================================
--- exfatprogs-1.0.4.orig/fsck/fsck.c
+++ exfatprogs-1.0.4/fsck/fsck.c
@@ -969,7 +969,7 @@ static int read_file_dentries(struct exf
 		return -EINVAL;
 	}
 
-	for (i = 2; i <= file_de->file_num_ext; i++) {
+	for (i = 2; i <= MIN(file_de->file_num_ext, 1 + MAX_NAME_DENTRIES); i++) {
 		ret = exfat_de_iter_get(iter, i, &name_de);
 		if (ret || name_de->type != EXFAT_NAME) {
 			exfat_err("failed to get name dentry. %d\n", ret);
Index: exfatprogs-1.0.4/include/exfat_ondisk.h
===================================================================
--- exfatprogs-1.0.4.orig/include/exfat_ondisk.h
+++ exfatprogs-1.0.4/include/exfat_ondisk.h
@@ -39,6 +39,7 @@
 #define DENTRY_SIZE_BITS	5
 /* exFAT allows 8388608(256MB) directory entries */
 #define MAX_EXFAT_DENTRIES	8388608
+#define MAX_NAME_DENTRIES      17
 
 /* dentry types */
 #define MSDOS_DELETED		0xE5	/* deleted mark */

Places

File fsck-fix-out-of-bounds-write-in-read_file_dentry_set.patch of Package exfatprogs.31393

Places