packages/ntfs-3g
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!45 fix CVE-2023-52890

Browse Source 
From: @kylin-qiaojijun 
Reviewed-by: @wk333 
Signed-off-by: @wk333
This commit is contained in:
openeuler-ci-bot 2024-06-17 06:31:19 +00:00 committed by Gitee
commit 8e534f4ee3
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 43 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
3000-CVE-2023-52890.patch Normal file
View File

@ -0,0 +1,37 @@
From 75dcdc2cf37478fad6c0e3427403d198b554951d Mon Sep 17 00:00:00 2001
From: Erik Larsson <erik@tuxera.com>
Date: Tue, 13 Jun 2023 17:47:15 +0300
Subject: [PATCH] unistr.c: Fix use-after-free in 'ntfs_uppercase_mbs'.
If 'utf8_to_unicode' throws an error due to an invalid UTF-8 sequence,
then 'n' will be less than 0 and the loop will terminate without storing
anything in '*t'. After the loop the uppercase string's allocation is
freed, however after it is freed it is unconditionally accessed through
'*t', which points into the freed allocation, for the purpose of NULL-
terminating the string. This leads to a use-after-free.
Fixed by only NULL-terminating the string when no error has been thrown.
Thanks for Jeffrey Bencteux for reporting this issue:
https://github.com/tuxera/ntfs-3g/issues/84
---
libntfs-3g/unistr.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libntfs-3g/unistr.c b/libntfs-3g/unistr.c
index 5854b3b7..db8ddf42 100644
--- a/libntfs-3g/unistr.c
+++ b/libntfs-3g/unistr.c
@@ -1189,8 +1189,9 @@ char *ntfs_uppercase_mbs(const char *low,
free(upp);
upp = (char*)NULL;
errno = EILSEQ;
+ } else {
+ *t = 0;
}
- *t = 0;
}
return (upp);
}
--
2.20.1

7
ntfs-3g.spec
View File

@ -1,6 +1,6 @@
Name: ntfs-3g Name: ntfs-3g
Version: 2022.5.17 Version: 2022.5.17
Release: 2 Release: 3
Epoch: 2 Epoch: 2
Summary: Linux NTFS userspace driver Summary: Linux NTFS userspace driver
License: GPLv2+ License: GPLv2+
@ -11,6 +11,8 @@ Patch1: add-version-and-help-usage.patch
Patch2: CVE-2022-40284_1.patch Patch2: CVE-2022-40284_1.patch
Patch3: CVE-2022-40284_2.patch Patch3: CVE-2022-40284_2.patch
Patch3000: 3000-CVE-2023-52890.patch
BuildRequires: libtool, libattr-devel, libconfig-devel, libgcrypt-devel, gnutls-devel, libuuid-devel BuildRequires: libtool, libattr-devel, libconfig-devel, libgcrypt-devel, gnutls-devel, libuuid-devel
Provides: ntfsprogs-fuse = %{epoch}:%{version}-%{release} Provides: ntfsprogs-fuse = %{epoch}:%{version}-%{release}
Obsoletes: ntfsprogs-fuse Obsoletes: ntfsprogs-fuse
@ -91,6 +93,9 @@ rm -rf $RPM_BUILD_ROOT%{_defaultdocdir}/%{name}/README
%{_mandir}/man*/* %{_mandir}/man*/*
%changelog %changelog
* Mon Jun 17 2024 qiaojijun<qiaojijun@kylinos.cn> - 2:2022.5.17-3
- fix CVE-2023-52890
* Thu Nov 10 2022 liyuxiang<liyuxiang@ncti-gba.cn> - 2:2022.5.17-2 * Thu Nov 10 2022 liyuxiang<liyuxiang@ncti-gba.cn> - 2:2022.5.17-2
- fix CVE-2022-40284 - fix CVE-2022-40284