Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP2:GA
ntfs-3g_ntfsprogs
ntfs3g-unistr-use-after-free.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ntfs3g-unistr-use-after-free.patch of Package ntfs-3g_ntfsprogs
From 75dcdc2cf37478fad6c0e3427403d198b554951d Mon Sep 17 00:00:00 2001 From: Erik Larsson <erik@tuxera.com> Date: Tue, 13 Jun 2023 17:47:15 +0300 Subject: [PATCH] unistr.c: Fix use-after-free in 'ntfs_uppercase_mbs'. If 'utf8_to_unicode' throws an error due to an invalid UTF-8 sequence, then 'n' will be less than 0 and the loop will terminate without storing anything in '*t'. After the loop the uppercase string's allocation is freed, however after it is freed it is unconditionally accessed through '*t', which points into the freed allocation, for the purpose of NULL- terminating the string. This leads to a use-after-free. Fixed by only NULL-terminating the string when no error has been thrown. Thanks for Jeffrey Bencteux for reporting this issue: https://github.com/tuxera/ntfs-3g/issues/84 --- libntfs-3g/unistr.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libntfs-3g/unistr.c b/libntfs-3g/unistr.c index 5854b3b7..db8ddf42 100644 --- a/libntfs-3g/unistr.c +++ b/libntfs-3g/unistr.c @@ -1189,8 +1189,9 @@ char *ntfs_uppercase_mbs(const char *low, free(upp); upp = (char*)NULL; errno = EILSEQ; + } else { + *t = 0; } - *t = 0; } return (upp); } -- 2.45.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor