fs/ntfs3: Fix oob in ntfs_listxattr

The length of name cannot exceed the space occupied by ea.

Reported-and-tested-by: syzbot+65e940cfb8f99a97aca7@syzkaller.appspotmail.com
Signed-off-by: Edward Adam Davis <eadavis@qq.com>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>

diff --git a/fs/ntfs3/xattr.c b/fs/ntfs3/xattr.c
index 071356d096d83fd1980c44cb1e8db74eb456d1c4..53e7d1fa036aa6e50a3ccd529d88584b1350cd74 100644 (file)
--- a/fs/ntfs3/xattr.c
+++ b/fs/ntfs3/xattr.c
@@ -219,6 +219,9 @@ static ssize_t ntfs_list_ea(struct ntfs_inode *ni, char *buffer,
                if (!ea->name_len)
                        break;
 
+               if (ea->name_len > ea_size)
+                       break;
+
                if (buffer) {
                        /* Check if we can use field ea->name */
                        if (off + ea_size > size)