!44 fix CVE-2023-52890

From: @kylin-qiaojijun Reviewed-by: @wk333 Signed-off-by: @wk333
fix CVE-2023-52890
2024-06-17 07:31:25 +00:00 · 2024-06-17 14:53:33 +08:00 · 2023-04-18 06:06:52 +00:00 · 2023-04-18 11:17:39 +08:00 · 2022-11-10 07:41:44 +00:00 · 2022-11-10 14:35:25 +08:00
5 changed files with 89 additions and 4 deletions
--- a/CVE-2023-52890.patch
+++ b/CVE-2023-52890.patch
@ -0,0 +1,37 @@
+From 75dcdc2cf37478fad6c0e3427403d198b554951d Mon Sep 17 00:00:00 2001
+From: Erik Larsson <erik@tuxera.com>
+Date: Tue, 13 Jun 2023 17:47:15 +0300
+Subject: [PATCH] unistr.c: Fix use-after-free in 'ntfs_uppercase_mbs'.
+
+If 'utf8_to_unicode' throws an error due to an invalid UTF-8 sequence,
+then 'n' will be less than 0 and the loop will terminate without storing
+anything in '*t'. After the loop the uppercase string's allocation is
+freed, however after it is freed it is unconditionally accessed through
+'*t', which points into the freed allocation, for the purpose of NULL-
+terminating the string. This leads to a use-after-free.
+Fixed by only NULL-terminating the string when no error has been thrown.
+
+Thanks for Jeffrey Bencteux for reporting this issue:
+https://github.com/tuxera/ntfs-3g/issues/84
+---
+ libntfs-3g/unistr.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libntfs-3g/unistr.c b/libntfs-3g/unistr.c
+index 5854b3b7..db8ddf42 100644
+--- a/libntfs-3g/unistr.c
+++ b/libntfs-3g/unistr.c
+@@ -1189,8 +1189,9 @@ char *ntfs_uppercase_mbs(const char *low,
+ 			free(upp);
+ 			upp = (char*)NULL;
+ 			errno = EILSEQ;
+		} else {
+			*t = 0;
+ 		}
+-		*t = 0;
+ 	}
+ 	return (upp);
+ }
+-- 
+2.20.1
+
--- a/add-version-and-help-usage.patch
+++ b/add-version-and-help-usage.patch
@ -0,0 +1,27 @@
+From 5eeccb85a67bbd365839afc65eda4eb388375e68 Mon Sep 17 00:00:00 2001
+From: wang_yue111 <648774160@qq.com>
+Date: Wed, 20 Oct 2021 17:37:51 +0800
+Subject: [PATCH] add version and help usage
+
+---
+ ntfsprogs/ntfssecaudit.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/ntfsprogs/ntfssecaudit.c b/ntfsprogs/ntfssecaudit.c
+index 9484a60..caa3da3 100644
+--- a/ntfsprogs/ntfssecaudit.c
+++ b/ntfsprogs/ntfssecaudit.c
+@@ -6007,6 +6007,10 @@ static void usage(void)
+ 	fprintf(stderr,"	set the security parameters of file to perms\n");
+ 	fprintf(stderr,"   ntfssecaudit -r[v] volume perms directory\n");
+ 	fprintf(stderr,"	set the security parameters of files in directory to perms\n");
+	fprintf(stderr,"   ntfssecaudit -V\n");
+	fprintf(stderr,"        display version\n");
+	fprintf(stderr,"   ntfssecaudit -H\n");
+	fprintf(stderr,"        display usage\n");
+ #ifdef HAVE_SETXATTR
+ 	fprintf(stderr," special cases, do not require being root :\n");
+ 	fprintf(stderr,"   ntfssecaudit -u mounted-file\n");
+-- 
+2.23.0
+
--- a/ntfs-3g.spec
+++ b/ntfs-3g.spec
@ -1,12 +1,16 @@
 Name:          ntfs-3g
-Version:       2021.8.22
-Release:       1
+Version:       2022.10.3
+Release:       2
 Epoch:         2
 Summary:       Linux NTFS userspace driver
 License:       GPLv2+
 URL:           http://www.ntfs-3g.org/
 Source0:       http://tuxera.com/opensource/%{name}_ntfsprogs-%{version}%{?subver}.tgz
 Patch0:        0000-ntfs-3g_ntfsprogs-2011.10.9-RC-ntfsck-unsupported-return-0.patch
+Patch1:        add-version-and-help-usage.patch
+
+Patch3000:     CVE-2023-52890.patch
+
 BuildRequires: libtool, libattr-devel, libconfig-devel, libgcrypt-devel, gnutls-devel, libuuid-devel
 Provides:      ntfsprogs-fuse = %{epoch}:%{version}-%{release}
 Obsoletes:     ntfsprogs-fuse
@ -39,8 +43,7 @@ Requires:       man
 This package includes man files for %{name}.

 %prep
-%setup -q -n %{name}_ntfsprogs-%{version}%{?subver}
-%patch0 -p1 -b .unsupported
+%autosetup -n %{name}_ntfsprogs-%{version}%{?subver} -p1

 %build
 CFLAGS="$RPM_OPT_FLAGS -D_FILE_OFFSET_BITS=64"
@ -88,6 +91,24 @@ rm -rf $RPM_BUILD_ROOT%{_defaultdocdir}/%{name}/README
 %{_mandir}/man*/*

 %changelog
+* Mon Jun 17 2024 qiaojijun <qiaojijun@kylinos.cn> - 2:2022.10.3-2
+- Type:bugfix
+- Id:NA
+- SUG:NA
+- DESC: fix CVE-2023-52890
+
+* Tue Apr 18 2023 liyanan <thistleslyn@163.com> - 2:2022.10.3-1
+- Update to 2022.10.3
+
+* Thu Nov 10 2022 liyuxiang<liyuxiang@ncti-gba.cn> - 2:2022.5.17-2
+- fix CVE-2022-40284
+
+* Fri May 27 2022 wangkai <wangkai385@h-partners.com> - 2:2022.5.17-1
+- Upgrade to 2022.5.17 to fix the cves
+
+* Thu Oct 21 2021 wangyue <wangyue92@huawei.com> - 2:2021.8.22-2
+- add version and help usage
+
 * Wed Sep 22 2021 houyingchao <houyingchao@huawei.com> - 2:2021.8.22-1
 - Upgrade to 2021.8.22 to fix the cves

--- a/ntfs-3g_ntfsprogs-2021.8.22.tgz
+++ b/ntfs-3g_ntfsprogs-2021.8.22.tgz
--- a/ntfs-3g_ntfsprogs-2022.10.3.tgz
+++ b/ntfs-3g_ntfsprogs-2022.10.3.tgz
Author	SHA1	Message	Date
openeuler-ci-bot	4da63c7568	!44 fix CVE-2023-52890 From: @kylin-qiaojijun Reviewed-by: @wk333 Signed-off-by: @wk333	2024-06-17 07:31:25 +00:00
qiaojijun	9abbef29d7	fix CVE-2023-52890 from: `75dcdc2cf3`	2024-06-17 14:53:33 +08:00
openeuler-ci-bot	2ad773efbe	!42 Update to 2022.10.3 From: @lyn1001 Reviewed-by: @caodongxia Signed-off-by: @caodongxia	2023-04-18 06:06:52 +00:00
lyn1001	f517b3f618	update to 2022.10.3	2023-04-18 11:17:39 +08:00
openeuler-ci-bot	13a795d893	!39 [sync] PR-35: fix CVE-2022-40284 From: @openeuler-sync-bot Reviewed-by: @caodongxia Signed-off-by: @caodongxia	2022-11-10 07:41:44 +00:00
liyuxiang	63f2e886fe	CVE-2022-40284 (cherry picked from commit 5761138b7de6dca79bcbe8c2e6b989d260e3ab0b)	2022-11-10 14:35:25 +08:00
openeuler-ci-bot	f2736ab310	!27 Upgrade to 2022.5.17 to fix the cves From: @wk333 Reviewed-by: @small_leek Signed-off-by: @small_leek	2022-05-30 01:02:12 +00:00
wk333	db08f73f11	Upgrade to 2022.5.17 to fix the cves	2022-05-27 15:57:21 +08:00
openeuler-ci-bot	df3b9c0a01	!21 add version and help usage From: @wang_yue111 Reviewed-by: @small_leek Signed-off-by: @small_leek	2021-10-21 01:57:05 +00:00
wang_yue111	b60e7c4566	add version and help usage	2021-10-21 09:45:17 +08:00