From c79b0c0041e67f07b0aa85b59a12f260c919381e Mon Sep 17 00:00:00 2001 From: mgb01105731 Date: Tue, 25 Jun 2024 11:40:15 +0800 Subject: [PATCH] CVE-2023-52890 --- CVE-2023-52890.patch | 34 ++++++++++++++++++++++++++++++++++ ntfs-3g.spec | 7 ++++++- 2 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 CVE-2023-52890.patch diff --git a/CVE-2023-52890.patch b/CVE-2023-52890.patch new file mode 100644 index 0000000..bf26dbf --- /dev/null +++ b/CVE-2023-52890.patch @@ -0,0 +1,34 @@ +From 75dcdc2cf37478fad6c0e3427403d198b554951d Mon Sep 17 00:00:00 2001 +From: Erik Larsson +Date: Tue, 13 Jun 2023 17:47:15 +0300 +Subject: [PATCH] unistr.c: Fix use-after-free in 'ntfs_uppercase_mbs'. + +If 'utf8_to_unicode' throws an error due to an invalid UTF-8 sequence, +then 'n' will be less than 0 and the loop will terminate without storing +anything in '*t'. After the loop the uppercase string's allocation is +freed, however after it is freed it is unconditionally accessed through +'*t', which points into the freed allocation, for the purpose of NULL- +terminating the string. This leads to a use-after-free. +Fixed by only NULL-terminating the string when no error has been thrown. + +Thanks for Jeffrey Bencteux for reporting this issue: +https://github.com/tuxera/ntfs-3g/issues/84 +--- + libntfs-3g/unistr.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/libntfs-3g/unistr.c b/libntfs-3g/unistr.c +index 5854b3b7..db8ddf42 100644 +--- a/libntfs-3g/unistr.c ++++ b/libntfs-3g/unistr.c +@@ -1189,8 +1189,9 @@ char *ntfs_uppercase_mbs(const char *low, + free(upp); + upp = (char*)NULL; + errno = EILSEQ; ++ } else { ++ *t = 0; + } +- *t = 0; + } + return (upp); + } diff --git a/ntfs-3g.spec b/ntfs-3g.spec index 617f28a..dbf17d0 100644 --- a/ntfs-3g.spec +++ b/ntfs-3g.spec @@ -1,4 +1,4 @@ -%define anolis_release 1 +%define anolis_release 2 %bcond_with externalfuse Name: ntfs-3g @@ -28,6 +28,8 @@ Obsoletes: ntfsprogs-fuse < %{epoch}:%{version}-%{release} Provides: fuse-ntfs-3g = %{epoch}:%{version}-%{release} #Recommends: ntfs-3g-system-compression +Patch0: CVE-2023-52890.patch + %description NTFS-3G is a stable, open source, GPL licensed, POSIX, read/write NTFS driver for Linux and many other operating systems. It provides safe @@ -214,6 +216,9 @@ rm -rf %{buildroot}%{_defaultdocdir}/%{name}/README %exclude %{_mandir}/man8/ntfs-3g* %changelog +* Tue Jun 25 2024 mgb01105731 - 2:2022.10.3-2 +- CVE-2023-52890 + * Sun Nov 27 2022 Funda Wang - 2:2022.10.3-1 - New version 2022.10.3 -- Gitee