Gentoo's Bugzilla – Attachment 875665 Details for
Bug 916028
sys-fs/mtools: buffer overflow with mcopy with _FORTIFY_SOURCE=3 when built with -O3
[PATCH] vfat: fix out-of-bounds write in autorename
0001-vfat-fix-out-of-bounds-write-in-autorename.patch (text/plain), 1.08 KB, created by
Arsen Arsenović
on 2023-11-25 22:46:49 UTC
>From 4ed6e0ce2503d56e2638b235adbe78524c22caa9 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?Arsen=20Arsenovi=C4=87?= <arsen@gentoo.org> >Date: Sat, 25 Nov 2023 23:27:15 +0100 >Subject: [PATCH] vfat: fix out-of-bounds write in autorename > >In vfat.c:autorename, the rename routine updates the trailing two >characters of the non-null-terminated dos_name::base using sprintf, >however, sprintf writes a null terminator one past the end of the >buffer. To prevent this, we can use snprintf with and pass it the >correct output buffer size. > >Detected via _FORTIFY_SOURCE=3. > >Bug: https://bugs.gentoo.org/916028 >--- > vfat.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/vfat.c b/vfat.c >index 5247d99..ab23098 100644 >--- a/vfat.c >+++ b/vfat.c >@@ -127,7 +127,7 @@ static void autorename(char *name, > > tmp = name[dotpos]; > if((bump && seqnum == 1) || seqnum > 1 || mtools_numeric_tail) >- sprintf(name+tildapos,"%c%d",tilda, seqnum); >+ snprintf(name+tildapos,limit-tildapos,"%c%d",tilda, seqnum); > if(dot) > name[dotpos]=tmp; > /* replace the character if it wasn't a space */ >-- >2.43.0 >
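Review bot: The added call `snprintf(name+tildapos,limit-tildapos,"%c%d",tilda, seqnum);` in the autorename hunk gives snprintf a size that has to include the terminating NUL, so at most limit-tildapos-1 characters of the "%c%d" output are stored and the NUL now lands inside the buffer instead of one past it. If tildapos is limit-2, as the commit message's "trailing two characters" implies, the size is 2: that fits the tilde and the terminator but not the sequence digit, so the out-of-bounds write is gone but the generated name is truncated and carries an embedded NUL in a field the message describes as non-null-terminated. The following context only restores `name[dotpos]` when `dot` is set, which does not necessarily cover that byte. Consider formatting into a small local scratch buffer, then copying only the formatted characters (without the terminator) into name+tildapos with memcpy, capped at limit-tildapos, and checking the snprintf return value so a seqnum that does not fit is handled explicitly rather than silently cut.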