Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP7:GA
exfatprogs
fsck-fix-out-of-bounds-write-in-read_file_dentr...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File fsck-fix-out-of-bounds-write-in-read_file_dentry_set.patch of Package exfatprogs
From ec78688e5fb5a70e13df82b4c0da1e6228d3ccdf Mon Sep 17 00:00:00 2001 From: Hyunchul Lee <hyc.lee@gmail.com> Date: Wed, 25 Oct 2023 15:29:29 +0900 Subject: [PATCH] fsck: fix out-of-bounds write in read_file_dentry_set References: bsc#1216701 if SecondaryCount is greater than (2 + the max number of File Name entries), writing to memory outside the node->name could happen. Reported-by: Maxim Suhanov <dfirblog@gmail.com> Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Reviewed-by: Yuezhang Mo <Yuezhang.Mo@sony.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Index: exfatprogs-1.0.4/fsck/fsck.c =================================================================== --- exfatprogs-1.0.4.orig/fsck/fsck.c +++ exfatprogs-1.0.4/fsck/fsck.c @@ -969,7 +969,7 @@ static int read_file_dentries(struct exf return -EINVAL; } - for (i = 2; i <= file_de->file_num_ext; i++) { + for (i = 2; i <= MIN(file_de->file_num_ext, 1 + MAX_NAME_DENTRIES); i++) { ret = exfat_de_iter_get(iter, i, &name_de); if (ret || name_de->type != EXFAT_NAME) { exfat_err("failed to get name dentry. %d\n", ret); Index: exfatprogs-1.0.4/include/exfat_ondisk.h =================================================================== --- exfatprogs-1.0.4.orig/include/exfat_ondisk.h +++ exfatprogs-1.0.4/include/exfat_ondisk.h @@ -39,6 +39,7 @@ #define DENTRY_SIZE_BITS 5 /* exFAT allows 8388608(256MB) directory entries */ #define MAX_EXFAT_DENTRIES 8388608 +#define MAX_NAME_DENTRIES 17 /* dentry types */ #define MSDOS_DELETED 0xE5 /* deleted mark */
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
