boot/grub2/0067-hfsplus-Check-that-the-volume-name-length-is-valid.patch

*4882a593SmuzhiyunFrom 2298f6e0d951251bb9ca97d891d1bc8b74515f8c Mon Sep 17 00:00:00 2001
*4882a593SmuzhiyunFrom: Darren Kenny <darren.kenny@oracle.com>
*4882a593SmuzhiyunDate: Fri, 23 Oct 2020 17:09:31 +0000
*4882a593SmuzhiyunSubject: [PATCH] hfsplus: Check that the volume name length is valid
*4882a593Smuzhiyun
*4882a593SmuzhiyunHFS+ documentation suggests that the maximum filename and volume name is
*4882a593Smuzhiyun255 Unicode characters in length.
*4882a593Smuzhiyun
*4882a593SmuzhiyunSo, when converting from big-endian to little-endian, we should ensure
*4882a593Smuzhiyunthat the name of the volume has a length that is between 0 and 255,
*4882a593Smuzhiyuninclusive.
*4882a593Smuzhiyun
*4882a593SmuzhiyunFixes: CID 73641
*4882a593Smuzhiyun
*4882a593SmuzhiyunSigned-off-by: Darren Kenny <darren.kenny@oracle.com>
*4882a593SmuzhiyunReviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
*4882a593SmuzhiyunSigned-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
*4882a593Smuzhiyun---
*4882a593Smuzhiyun grub-core/fs/hfsplus.c | 9 +++++++++
*4882a593Smuzhiyun 1 file changed, 9 insertions(+)
*4882a593Smuzhiyun
*4882a593Smuzhiyundiff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c
*4882a593Smuzhiyunindex 9c4e4c8..8fe7c12 100644
*4882a593Smuzhiyun--- a/grub-core/fs/hfsplus.c
*4882a593Smuzhiyun+++ b/grub-core/fs/hfsplus.c
*4882a593Smuzhiyun@@ -1012,6 +1012,15 @@ grub_hfsplus_label (grub_device_t device, char **label)
*4882a593Smuzhiyun     grub_hfsplus_btree_recptr (&data->catalog_tree, node, ptr);
*4882a593Smuzhiyun
*4882a593Smuzhiyun   label_len = grub_be_to_cpu16 (catkey->namelen);
*4882a593Smuzhiyun+
*4882a593Smuzhiyun+  /* Ensure that the length is >= 0. */
*4882a593Smuzhiyun+  if (label_len < 0)
*4882a593Smuzhiyun+    label_len = 0;
*4882a593Smuzhiyun+
*4882a593Smuzhiyun+  /* Ensure label length is at most 255 Unicode characters. */
*4882a593Smuzhiyun+  if (label_len > 255)
*4882a593Smuzhiyun+    label_len = 255;
*4882a593Smuzhiyun+
*4882a593Smuzhiyun   label_name = grub_calloc (label_len, sizeof (*label_name));
*4882a593Smuzhiyun   if (!label_name)
*4882a593Smuzhiyun     {
*4882a593Smuzhiyun--
*4882a593Smuzhiyun2.14.2
*4882a593Smuzhiyun