diff options
| author | Jeongjun Park <aha310510@gmail.com> | 2025-10-15 16:34:54 +0900 | 
|---|---|---|
| committer | Namjae Jeon <linkinjeon@kernel.org> | 2025-10-15 17:53:20 +0900 | 
| commit | 2d8636119b92970ba135c3c4da87d24dbfdeb8ca (patch) | |
| tree | 82e51cac2659574cc8cfc17bb8fbae68a00b981f /rust/kernel/workqueue.rs | |
| parent | 82ebecdc74ff555daf70b811d854b1f32a296bea (diff) | |
exfat: fix out-of-bounds in exfat_nls_to_ucs2()
Since the len argument value passed to exfat_ioctl_set_volume_label()
from exfat_nls_to_utf16() is passed 1 too large, an out-of-bounds read
occurs when dereferencing p_cstring in exfat_nls_to_ucs2() later.
And because of the NLS_NAME_OVERLEN macro, another error occurs when
creating a file with a period at the end using utf8 and other iocharsets.
So to avoid this, you should remove the code that uses NLS_NAME_OVERLEN
macro and make the len argument value be the length of the label string,
but with a maximum length of FSLABEL_MAX - 1.
Reported-by: syzbot+98cc76a76de46b3714d4@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=98cc76a76de46b3714d4
Fixes: d01579d590f7 ("exfat: Add support for FS_IOC_{GET,SET}FSLABEL")
Suggested-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Jeongjun Park <aha310510@gmail.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Diffstat (limited to 'rust/kernel/workqueue.rs')
0 files changed, 0 insertions, 0 deletions
