packages/ntfs-3g
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2023-52890

Browse Source 
from: 75dcdc2cf3
This commit is contained in:
qiaojijun 2024-06-17 10:40:44 +08:00
parent 2ad773efbe
commit 9abbef29d7
2 changed files with 46 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
CVE-2023-52890.patch Normal file
View File

@ -0,0 +1,37 @@
From 75dcdc2cf37478fad6c0e3427403d198b554951d Mon Sep 17 00:00:00 2001
From: Erik Larsson <erik@tuxera.com>
Date: Tue, 13 Jun 2023 17:47:15 +0300
Subject: [PATCH] unistr.c: Fix use-after-free in 'ntfs_uppercase_mbs'.
If 'utf8_to_unicode' throws an error due to an invalid UTF-8 sequence,
then 'n' will be less than 0 and the loop will terminate without storing
anything in '*t'. After the loop the uppercase string's allocation is
freed, however after it is freed it is unconditionally accessed through
'*t', which points into the freed allocation, for the purpose of NULL-
terminating the string. This leads to a use-after-free.
Fixed by only NULL-terminating the string when no error has been thrown.
Thanks for Jeffrey Bencteux for reporting this issue:
https://github.com/tuxera/ntfs-3g/issues/84
---
libntfs-3g/unistr.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libntfs-3g/unistr.c b/libntfs-3g/unistr.c
index 5854b3b7..db8ddf42 100644
--- a/libntfs-3g/unistr.c
+++ b/libntfs-3g/unistr.c
@@ -1189,8 +1189,9 @@ char *ntfs_uppercase_mbs(const char *low,
free(upp);
upp = (char*)NULL;
errno = EILSEQ;
+ } else {
+ *t = 0;
}
- *t = 0;
}
return (upp);
}
--
2.20.1

10
ntfs-3g.spec
View File

@ -1,6 +1,6 @@
Name: ntfs-3g
Version: 2022.10.3
Release: 1
Release: 2
Epoch: 2
Summary: Linux NTFS userspace driver
License: GPLv2+
@ -9,6 +9,8 @@ Source0: http://tuxera.com/opensource/%{name}_ntfsprogs-%{version}%{?subve
Patch0: 0000-ntfs-3g_ntfsprogs-2011.10.9-RC-ntfsck-unsupported-return-0.patch
Patch1: add-version-and-help-usage.patch
Patch3000: CVE-2023-52890.patch
BuildRequires: libtool, libattr-devel, libconfig-devel, libgcrypt-devel, gnutls-devel, libuuid-devel
Provides: ntfsprogs-fuse = %{epoch}:%{version}-%{release}
Obsoletes: ntfsprogs-fuse
@ -89,6 +91,12 @@ rm -rf $RPM_BUILD_ROOT%{_defaultdocdir}/%{name}/README
%{_mandir}/man*/*
%changelog
* Mon Jun 17 2024 qiaojijun <qiaojijun@kylinos.cn> - 2:2022.10.3-2
- Type:bugfix
- Id:NA
- SUG:NA
- DESC: fix CVE-2023-52890
* Tue Apr 18 2023 liyanan <thistleslyn@163.com> - 2:2022.10.3-1
- Update to 2022.10.3