[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[SECURITY PATCH 27/30] fs/f2fs: Do not copy file names that are too long

From: Daniel Kiper
Subject: [SECURITY PATCH 27/30] fs/f2fs: Do not copy file names that are too long
Date: Tue, 7 Jun 2022 19:01:36 +0200

From: Sudhakar Kuppusamy <>

A corrupt f2fs file system might specify a name length which is greater
than the maximum name length supported by the GRUB f2fs driver.

We will allocate enough memory to store the overly long name, but there
are only F2FS_NAME_LEN bytes in the source, so we would read past the end
of the source.

While checking directory entries, do not copy a file name with an invalid

Signed-off-by: Sudhakar Kuppusamy <>
Signed-off-by: Daniel Axtens <>
Reviewed-by: Daniel Kiper <>
 grub-core/fs/f2fs.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c
index 8898b235e..df6beb544 100644
--- a/grub-core/fs/f2fs.c
+++ b/grub-core/fs/f2fs.c
@@ -1003,6 +1003,10 @@ grub_f2fs_check_dentries (struct grub_f2fs_dir_iter_ctx 
       ftype = ctx->dentry[i].file_type;
       name_len = grub_le_to_cpu16 (ctx->dentry[i].name_len);
+      if (name_len >= F2FS_NAME_LEN)
+        return 0;
       filename = grub_malloc (name_len + 1);
       if (!filename)
         return 0;

reply via email to

[Prev in Thread] Current Thread [Next in Thread]