[AUTO-CHERRYPICK] Patch CVE-2023-52890 in ntfs-3g - branch main (#9520)
Co-authored-by: suresh-thelkar <suresh.thelkar@yahoo.com>
This commit is contained in:
CBL-Mariner-Bot
GitHub
Родитель
36367cba80
Коммит
ff8289a113
|
|
@ -0,0 +1,37 @@
|
|||
From 233f365fdce9d95844dde537440cd9ab36a32454 Mon Sep 17 00:00:00 2001
|
||||
From: Erik Larsson <erik@tuxera.com>
|
||||
Date: Tue, 13 Jun 2023 17:47:15 +0300
|
||||
Subject: [PATCH] unistr.c: Fix use-after-free in 'ntfs_uppercase_mbs'.
|
||||
|
||||
If 'utf8_to_unicode' throws an error due to an invalid UTF-8 sequence,
|
||||
then 'n' will be less than 0 and the loop will terminate without storing
|
||||
anything in '*t'. After the loop the uppercase string's allocation is
|
||||
freed, however after it is freed it is unconditionally accessed through
|
||||
'*t', which points into the freed allocation, for the purpose of NULL-
|
||||
terminating the string. This leads to a use-after-free.
|
||||
Fixed by only NULL-terminating the string when no error has been thrown.
|
||||
|
||||
Thanks for Jeffrey Bencteux for reporting this issue:
|
||||
https://github.com/tuxera/ntfs-3g/issues/84
|
||||
---
|
||||
libntfs-3g/unistr.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/libntfs-3g/unistr.c b/libntfs-3g/unistr.c
|
||||
index 5854b3b..db8ddf4 100644
|
||||
--- a/libntfs-3g/unistr.c
|
||||
+++ b/libntfs-3g/unistr.c
|
||||
@@ -1189,8 +1189,9 @@ char *ntfs_uppercase_mbs(const char *low,
|
||||
free(upp);
|
||||
upp = (char*)NULL;
|
||||
errno = EILSEQ;
|
||||
+ } else {
|
||||
+ *t = 0;
|
||||
}
|
||||
- *t = 0;
|
||||
}
|
||||
return (upp);
|
||||
}
|
||||
--
|
||||
2.34.1
|
||||
|
||||
|
|
@ -1,13 +1,14 @@
|
|||
Summary: Linux NTFS userspace driver
|
||||
Name: ntfs-3g
|
||||
Version: 2022.10.3
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
License: GPLv2
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
URL: https://www.tuxera.com/company/open-source/
|
||||
Source0: https://tuxera.com/opensource/%{name}_ntfsprogs-%{version}.tgz
|
||||
Patch0: ntfs-3g_ntfsprogs-2011.10.9-RC-ntfsck-unsupported-return-0.patch
|
||||
Patch1: CVE-2023-52890.patch
|
||||
|
||||
BuildRequires: fuse-devel
|
||||
BuildRequires: gnutls-devel
|
||||
|
|
@ -170,6 +171,9 @@ rm -rf %{buildroot}%{_defaultdocdir}/%{name}/README
|
|||
%exclude %{_mandir}/man8/ntfs-3g*
|
||||
|
||||
%changelog
|
||||
* Mon Jun 17 2024 Suresh Thelkar <sthelkar@microsoft.com> - 2022.10.3-2
|
||||
- Patch CVE-2023-52890
|
||||
|
||||
* Mon Nov 14 2022 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 2022.10.3-1
|
||||
- Auto-upgrade to 2022.10.3 - CVE-2022-40284
|
||||
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче