!44 fix CVE-2023-52890

From: @kylin-qiaojijun Reviewed-by: @wk333 Signed-off-by: @wk333
fix CVE-2023-52890
2024-06-17 07:31:25 +00:00 · 2024-06-17 14:53:33 +08:00 · 2023-04-18 06:06:52 +00:00 · 2023-04-18 11:17:39 +08:00 · 2022-11-10 07:41:44 +00:00 · 2022-11-10 14:35:25 +08:00
5 changed files with 89 additions and 4 deletions
--- a/CVE-2023-52890.patch
+++ b/CVE-2023-52890.patch
@ -0,0 +1,37 @@
 From 75dcdc2cf37478fad6c0e3427403d198b554951d Mon Sep 17 00:00:00 2001
 From: Erik Larsson <erik@tuxera.com>
 Date: Tue, 13 Jun 2023 17:47:15 +0300
 Subject: [PATCH] unistr.c: Fix use-after-free in 'ntfs_uppercase_mbs'.
 If 'utf8_to_unicode' throws an error due to an invalid UTF-8 sequence,
 then 'n' will be less than 0 and the loop will terminate without storing
 anything in '*t'. After the loop the uppercase string's allocation is
 freed, however after it is freed it is unconditionally accessed through
 '*t', which points into the freed allocation, for the purpose of NULL-
 terminating the string. This leads to a use-after-free.
 Fixed by only NULL-terminating the string when no error has been thrown.
 Thanks for Jeffrey Bencteux for reporting this issue:
 https://github.com/tuxera/ntfs-3g/issues/84
 ---
 libntfs-3g/unistr.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
 diff --git a/libntfs-3g/unistr.c b/libntfs-3g/unistr.c
 index 5854b3b7..db8ddf42 100644
 --- a/libntfs-3g/unistr.c
 +++ b/libntfs-3g/unistr.c
@@ -1189,8 +1189,9 @@ char *ntfs_uppercase_mbs(const char *low,
 			free(upp);
 			upp = (char*)NULL;
 			errno = EILSEQ;
 +		} else {
 +			*t = 0;
 		}
 -		*t = 0;
 	}
 	return (upp);
 }
 -- 
 2.20.1
--- a/add-version-and-help-usage.patch
+++ b/add-version-and-help-usage.patch
@ -0,0 +1,27 @@
 From 5eeccb85a67bbd365839afc65eda4eb388375e68 Mon Sep 17 00:00:00 2001
 From: wang_yue111 <648774160@qq.com>
 Date: Wed, 20 Oct 2021 17:37:51 +0800
 Subject: [PATCH] add version and help usage
 ---
 ntfsprogs/ntfssecaudit.c | 4 ++++
 1 file changed, 4 insertions(+)
 diff --git a/ntfsprogs/ntfssecaudit.c b/ntfsprogs/ntfssecaudit.c
 index 9484a60..caa3da3 100644
 --- a/ntfsprogs/ntfssecaudit.c
 +++ b/ntfsprogs/ntfssecaudit.c
@@ -6007,6 +6007,10 @@ static void usage(void)
 	fprintf(stderr,"	set the security parameters of file to perms\n");
 	fprintf(stderr,"   ntfssecaudit -r[v] volume perms directory\n");
 	fprintf(stderr,"	set the security parameters of files in directory to perms\n");
 +	fprintf(stderr,"   ntfssecaudit -V\n");
 +	fprintf(stderr,"        display version\n");
 +	fprintf(stderr,"   ntfssecaudit -H\n");
 +	fprintf(stderr,"        display usage\n");
 #ifdef HAVE_SETXATTR
 	fprintf(stderr," special cases, do not require being root :\n");
 	fprintf(stderr,"   ntfssecaudit -u mounted-file\n");
 -- 
 2.23.0
--- a/ntfs-3g.spec
+++ b/ntfs-3g.spec
@ -1,12 +1,16 @@
 Name:          ntfs-3g
-Version:       2021.8.22
+Version:       2022.10.3
-Release:       1
+Release:       2
 Epoch:         2
 Summary:       Linux NTFS userspace driver
 License:       GPLv2+
 URL:           http://www.ntfs-3g.org/
 Source0:       http://tuxera.com/opensource/%{name}_ntfsprogs-%{version}%{?subver}.tgz
 Patch0:        0000-ntfs-3g_ntfsprogs-2011.10.9-RC-ntfsck-unsupported-return-0.patch
 Patch1:        add-version-and-help-usage.patch
 Patch3000:     CVE-2023-52890.patch
 BuildRequires: libtool, libattr-devel, libconfig-devel, libgcrypt-devel, gnutls-devel, libuuid-devel
 Provides:      ntfsprogs-fuse = %{epoch}:%{version}-%{release}
 Obsoletes:     ntfsprogs-fuse
@ -39,8 +43,7 @@ Requires:       man
 This package includes man files for %{name}.
 %prep
-%setup -q -n %{name}_ntfsprogs-%{version}%{?subver}
+%autosetup -n %{name}_ntfsprogs-%{version}%{?subver} -p1
 %patch0 -p1 -b .unsupported
 %build
 CFLAGS="$RPM_OPT_FLAGS -D_FILE_OFFSET_BITS=64"
@ -88,6 +91,24 @@ rm -rf $RPM_BUILD_ROOT%{_defaultdocdir}/%{name}/README
 %{_mandir}/man*/*
 %changelog
 * Mon Jun 17 2024 qiaojijun <qiaojijun@kylinos.cn> - 2:2022.10.3-2
 - Type:bugfix
 - Id:NA
 - SUG:NA
 - DESC: fix CVE-2023-52890
 * Tue Apr 18 2023 liyanan <thistleslyn@163.com> - 2:2022.10.3-1
 - Update to 2022.10.3
 * Thu Nov 10 2022 liyuxiang<liyuxiang@ncti-gba.cn> - 2:2022.5.17-2
 - fix CVE-2022-40284
 * Fri May 27 2022 wangkai <wangkai385@h-partners.com> - 2:2022.5.17-1
 - Upgrade to 2022.5.17 to fix the cves
 * Thu Oct 21 2021 wangyue <wangyue92@huawei.com> - 2:2021.8.22-2
 - add version and help usage
 * Wed Sep 22 2021 houyingchao <houyingchao@huawei.com> - 2:2021.8.22-1
 - Upgrade to 2021.8.22 to fix the cves
--- a/ntfs-3g_ntfsprogs-2021.8.22.tgz
+++ b/ntfs-3g_ntfsprogs-2021.8.22.tgz
--- a/ntfs-3g_ntfsprogs-2022.10.3.tgz
+++ b/ntfs-3g_ntfsprogs-2022.10.3.tgz
Author	SHA1	Message	Date
openeuler-ci-bot	4da63c7568	!44 fix CVE-2023-52890 From: @kylin-qiaojijun Reviewed-by: @wk333 Signed-off-by: @wk333	2024-06-17 07:31:25 +00:00
qiaojijun	9abbef29d7	fix CVE-2023-52890 from: `75dcdc2cf3`	2024-06-17 14:53:33 +08:00
openeuler-ci-bot	2ad773efbe	!42 Update to 2022.10.3 From: @lyn1001 Reviewed-by: @caodongxia Signed-off-by: @caodongxia	2023-04-18 06:06:52 +00:00
lyn1001	f517b3f618	update to 2022.10.3	2023-04-18 11:17:39 +08:00
openeuler-ci-bot	13a795d893	!39 [sync] PR-35: fix CVE-2022-40284 From: @openeuler-sync-bot Reviewed-by: @caodongxia Signed-off-by: @caodongxia	2022-11-10 07:41:44 +00:00
liyuxiang	63f2e886fe	CVE-2022-40284 (cherry picked from commit 5761138b7de6dca79bcbe8c2e6b989d260e3ab0b)	2022-11-10 14:35:25 +08:00
openeuler-ci-bot	f2736ab310	!27 Upgrade to 2022.5.17 to fix the cves From: @wk333 Reviewed-by: @small_leek Signed-off-by: @small_leek	2022-05-30 01:02:12 +00:00
wk333	db08f73f11	Upgrade to 2022.5.17 to fix the cves	2022-05-27 15:57:21 +08:00
openeuler-ci-bot	df3b9c0a01	!21 add version and help usage From: @wang_yue111 Reviewed-by: @small_leek Signed-off-by: @small_leek	2021-10-21 01:57:05 +00:00
wang_yue111	b60e7c4566	add version and help usage	2021-10-21 09:45:17 +08:00