From 10e9a948b38a931482a3feb9d01f17621160e9294fae07476bf996a3e09c48fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Fri, 14 Jun 2024 17:19:47 +0200 Subject: [PATCH] Sync from SUSE:SLFO:Main ntfs-3g_ntfsprogs revision f3c91b9cafcde8af8e4b37c940ac7981 --- ntfs-3g_ntfsprogs.changes | 7 ++++++ ntfs-3g_ntfsprogs.spec | 11 ++++----- ntfs3g-unistr-use-after-free.patch | 37 ++++++++++++++++++++++++++++++ 3 files changed, 49 insertions(+), 6 deletions(-) create mode 100644 ntfs3g-unistr-use-after-free.patch diff --git a/ntfs-3g_ntfsprogs.changes b/ntfs-3g_ntfsprogs.changes index d151c90..913fbab 100644 --- a/ntfs-3g_ntfsprogs.changes +++ b/ntfs-3g_ntfsprogs.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Mon Jun 10 17:13:06 UTC 2024 - Michael Gorse + +- Add ntfs3g-unistr-use-after-free.patch: fix a use after free in + ntfs_uppercase_mbs (boo#1226007). +- No longer call autoconf; likely not needed anymore. + ------------------------------------------------------------------- Tue Dec 27 13:13:17 UTC 2022 - Ludwig Nussel diff --git a/ntfs-3g_ntfsprogs.spec b/ntfs-3g_ntfsprogs.spec index 31a5961..f0ef071 100644 --- a/ntfs-3g_ntfsprogs.spec +++ b/ntfs-3g_ntfsprogs.spec @@ -1,7 +1,7 @@ # # spec file for package ntfs-3g_ntfsprogs # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -30,7 +30,8 @@ License: GPL-2.0-or-later Group: System/Filesystems URL: https://github.com/tuxera/ntfs-3g/ Source: https://tuxera.com/opensource/%{name}-%{version}.tgz -BuildRequires: autoconf +# PATCH-FIX-UPSTREAM ntfs3g-unistr-use-after-free.patch boo#1226007 mgorse@suse.com -- fix use after free in ntfs_uppercase_mbs. +Patch0: ntfs3g-unistr-use-after-free.patch BuildRequires: gnutls-devel BuildRequires: hwinfo-devel BuildRequires: libgcrypt-devel @@ -51,7 +52,7 @@ Provides: ntfsprogs-fuse = 1.13.1 Obsoletes: ntfsprogs-fuse < 1.13.1 %if 0%{?suse_version} Requires(post): update-alternatives -Requires(postun):update-alternatives +Requires(postun): update-alternatives Supplements: filesystem(ntfs-3g) %endif @@ -108,9 +109,7 @@ In particular ntfsck is just a place holder. Distributions are expected not to They have been orphaned for ten years and are unlikely to be upgraded (except ntfsfallocate, if there is some demand). %prep -%setup -q -# Rebuild configure to pick up the updated AC_HEADER_MAJOR -autoconf +%autosetup -p1 %build # diff --git a/ntfs3g-unistr-use-after-free.patch b/ntfs3g-unistr-use-after-free.patch new file mode 100644 index 0000000..a7835aa --- /dev/null +++ b/ntfs3g-unistr-use-after-free.patch @@ -0,0 +1,37 @@ +From 75dcdc2cf37478fad6c0e3427403d198b554951d Mon Sep 17 00:00:00 2001 +From: Erik Larsson +Date: Tue, 13 Jun 2023 17:47:15 +0300 +Subject: [PATCH] unistr.c: Fix use-after-free in 'ntfs_uppercase_mbs'. + +If 'utf8_to_unicode' throws an error due to an invalid UTF-8 sequence, +then 'n' will be less than 0 and the loop will terminate without storing +anything in '*t'. After the loop the uppercase string's allocation is +freed, however after it is freed it is unconditionally accessed through +'*t', which points into the freed allocation, for the purpose of NULL- +terminating the string. This leads to a use-after-free. +Fixed by only NULL-terminating the string when no error has been thrown. + +Thanks for Jeffrey Bencteux for reporting this issue: +https://github.com/tuxera/ntfs-3g/issues/84 +--- + libntfs-3g/unistr.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/libntfs-3g/unistr.c b/libntfs-3g/unistr.c +index 5854b3b7..db8ddf42 100644 +--- a/libntfs-3g/unistr.c ++++ b/libntfs-3g/unistr.c +@@ -1189,8 +1189,9 @@ char *ntfs_uppercase_mbs(const char *low, + free(upp); + upp = (char*)NULL; + errno = EILSEQ; ++ } else { ++ *t = 0; + } +- *t = 0; + } + return (upp); + } +-- +2.45.0 +