change otg to host mode

hc

2024-05-11 04dd17822334871b23ea2862f7798fb0e0007777

 kernel/fs/ntfs/attrib.c
..
..
@@ -1,23 +1,9 @@
1
+// SPDX-License-Identifier: GPL-2.0-or-later
1
2
 /**
2
3
  * attrib.c - NTFS attribute operations.  Part of the Linux-NTFS project.
3
4
  *
4
5
  * Copyright (c) 2001-2012 Anton Altaparmakov and Tuxera Inc.
5
6
  * Copyright (c) 2002 Richard Russon
6
- *
7
- * This program/include file is free software; you can redistribute it and/or
8
- * modify it under the terms of the GNU General Public License as published
9
- * by the Free Software Foundation; either version 2 of the License, or
10
- * (at your option) any later version.
11
- *
12
- * This program/include file is distributed in the hope that it will be
13
- * useful, but WITHOUT ANY WARRANTY; without even the implied warranty
14
- * of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15
- * GNU General Public License for more details.
16
- *
17
- * You should have received a copy of the GNU General Public License
18
- * along with this program (in the main directory of the Linux-NTFS
19
- * distribution in the file COPYING); if not, write to the Free Software
20
- * Foundation,Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
21
7
  */
22
8
 
23
9
 #include <linux/buffer_head.h>
..
..
@@ -606,15 +592,39 @@
606
592
 		a = (ATTR_RECORD*)((u8*)ctx->attr +
607
593
 				le32_to_cpu(ctx->attr->length));
608
594
 	for (;;	a = (ATTR_RECORD*)((u8*)a + le32_to_cpu(a->length))) {
609
-		if ((u8*)a < (u8*)ctx->mrec || (u8*)a > (u8*)ctx->mrec +
610
-				le32_to_cpu(ctx->mrec->bytes_allocated))
595
+		u8 *mrec_end = (u8 *)ctx->mrec +
596
+		               le32_to_cpu(ctx->mrec->bytes_allocated);
597
+		u8 *name_end;
598
+
599
+		/* check whether ATTR_RECORD wrap */
600
+		if ((u8 *)a < (u8 *)ctx->mrec)
611
601
 			break;
602
+
603
+		/* check whether Attribute Record Header is within bounds */
604
+		if ((u8 *)a > mrec_end ||
605
+		    (u8 *)a + sizeof(ATTR_RECORD) > mrec_end)
606
+			break;
607
+
608
+		/* check whether ATTR_RECORD's name is within bounds */
609
+		name_end = (u8 *)a + le16_to_cpu(a->name_offset) +
610
+			   a->name_length * sizeof(ntfschar);
611
+		if (name_end > mrec_end)
612
+			break;
613
+
612
614
 		ctx->attr = a;
613
615
 		if (unlikely(le32_to_cpu(a->type) > le32_to_cpu(type) ||
614
616
 				a->type == AT_END))
615
617
 			return -ENOENT;
616
618
 		if (unlikely(!a->length))
617
619
 			break;
620
+
621
+		/* check whether ATTR_RECORD's length wrap */
622
+		if ((u8 *)a + le32_to_cpu(a->length) < (u8 *)a)
623
+			break;
624
+		/* check whether ATTR_RECORD's length is within bounds */
625
+		if ((u8 *)a + le32_to_cpu(a->length) > mrec_end)
626
+			break;
627
+
618
628
 		if (a->type != type)
619
629
 			continue;
620
630
 		/*