Skip to content

Commit ff8289a

Browse files
CBL-Mariner-Botsuresh-thelkar
CBL-Mariner-Bot
and
suresh-thelkar
authored
[AUTO-CHERRYPICK] Patch CVE-2023-52890 in ntfs-3g - branch main (#9520)
Co-authored-by: suresh-thelkar <suresh.thelkar@yahoo.com>
1 parent 36367cb commit ff8289a

2 files changed

Lines changed: 42 additions & 1 deletion

File tree

SPECS/ntfs-3g/CVE-2023-52890.patch

Lines changed: 37 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,37 @@
1+
From 233f365fdce9d95844dde537440cd9ab36a32454 Mon Sep 17 00:00:00 2001
2+
From: Erik Larsson <erik@tuxera.com>
3+
Date: Tue, 13 Jun 2023 17:47:15 +0300
4+
Subject: [PATCH] unistr.c: Fix use-after-free in 'ntfs_uppercase_mbs'.
5+
6+
If 'utf8_to_unicode' throws an error due to an invalid UTF-8 sequence,
7+
then 'n' will be less than 0 and the loop will terminate without storing
8+
anything in '*t'. After the loop the uppercase string's allocation is
9+
freed, however after it is freed it is unconditionally accessed through
10+
'*t', which points into the freed allocation, for the purpose of NULL-
11+
terminating the string. This leads to a use-after-free.
12+
Fixed by only NULL-terminating the string when no error has been thrown.
13+
14+
Thanks for Jeffrey Bencteux for reporting this issue:
15+
https://github.com/tuxera/ntfs-3g/issues/84
16+
---
17+
libntfs-3g/unistr.c | 3 ++-
18+
1 file changed, 2 insertions(+), 1 deletion(-)
19+
20+
diff --git a/libntfs-3g/unistr.c b/libntfs-3g/unistr.c
21+
index 5854b3b..db8ddf4 100644
22+
--- a/libntfs-3g/unistr.c
23+
+++ b/libntfs-3g/unistr.c
24+
@@ -1189,8 +1189,9 @@ char *ntfs_uppercase_mbs(const char *low,
25+
free(upp);
26+
upp = (char*)NULL;
27+
errno = EILSEQ;
28+
+ } else {
29+
+ *t = 0;
30+
}
31+
- *t = 0;
32+
}
33+
return (upp);
34+
}
35+
--
36+
2.34.1
37+

SPECS/ntfs-3g/ntfs-3g.spec

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,14 @@
11
Summary: Linux NTFS userspace driver
22
Name: ntfs-3g
33
Version: 2022.10.3
4-
Release: 1%{?dist}
4+
Release: 2%{?dist}
55
License: GPLv2
66
Vendor: Microsoft Corporation
77
Distribution: Mariner
88
URL: https://www.tuxera.com/company/open-source/
99
Source0: https://tuxera.com/opensource/%{name}_ntfsprogs-%{version}.tgz
1010
Patch0: ntfs-3g_ntfsprogs-2011.10.9-RC-ntfsck-unsupported-return-0.patch
11+
Patch1: CVE-2023-52890.patch
1112

1213
BuildRequires: fuse-devel
1314
BuildRequires: gnutls-devel
@@ -170,6 +171,9 @@ rm -rf %{buildroot}%{_defaultdocdir}/%{name}/README
170171
%exclude %{_mandir}/man8/ntfs-3g*
171172

172173
%changelog
174+
* Mon Jun 17 2024 Suresh Thelkar <sthelkar@microsoft.com> - 2022.10.3-2
175+
- Patch CVE-2023-52890
176+
173177
* Mon Nov 14 2022 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 2022.10.3-1
174178
- Auto-upgrade to 2022.10.3 - CVE-2022-40284
175179

0 commit comments

Comments
 (0)