exfat: check invalid valid_size and start_clu

valid_size should not be greater than size and need to check if start_clu is invalid cluster. This patch add the check to return -EIO. Signed-off-by: Namjae Jeon <[email protected]>
namjaejeon · Oct 27, 2024 · e0555f2 · e0555f2
1 parent dc7c0b4
commit e0555f2
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/namei.c b/namei.c
@@ -658,13 +658,26 @@ static int exfat_find(struct inode *dir, struct qstr *qname,
 	info->size = le64_to_cpu(ep2->dentry.stream.valid_size);
 	info->valid_size = le64_to_cpu(ep2->dentry.stream.valid_size);
 	info->size = le64_to_cpu(ep2->dentry.stream.size);
+
+	if (info->valid_size > info->size) {
+		exfat_fs_error(sb, "valid_size(%lld) is greater than size(%lld)",
+				info->valid_size, info->size);
+		return -EIO;
+	}
+
 	if (info->size == 0) {
 		info->flags = ALLOC_NO_FAT_CHAIN;
 		info->start_clu = EXFAT_EOF_CLUSTER;
 	} else {
 		info->flags = ep2->dentry.stream.flags;
 		info->start_clu =
 			le32_to_cpu(ep2->dentry.stream.start_clu);
+
+		if (!is_valid_cluster(sbi, info->start_clu)) {
+			exfat_fs_error(sb, "start_clu is invalid cluster(0x%x)",
+					info->start_clu);
+			return -EIO;
+		}
 	}
 
 	exfat_get_entry_time(sbi, &info->crtime,