Re: [Info-mtools] [PATCH] vfat: fix out-of-bounds write in autorename

info-mtools

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Info-mtools] [PATCH] vfat: fix out-of-bounds write in autorename

From:	Alain Knaff
Subject:	Re: [Info-mtools] [PATCH] vfat: fix out-of-bounds write in autorename
Date:	Sun, 2 Jun 2024 10:45:54 +0200
User-agent:	Mozilla Thunderbird

Hi,

On 25/11/2023 23:35, Arsen Arsenović wrote:
> In vfat.c:autorename, the rename routine updates the trailing two
> characters of the non-null-terminated dos_name::base using sprintf,
> however, sprintf writes a null terminator one past the end of the
> buffer.

The original contents (first character of 3 char extension) was saved,
and then restored afterwards

>  To prevent this, we can use snprintf with and pass it the
> output buffer size.

Unfortunately this does not what is intended, as it just writes the null
terminator one character early, thus losing the version number after the
tilda (or at least its last digit)

I addressed the issue in 4.0.44 by implementing a non-terminating
fmt_num function in mtools itself instead. Now, no character outside the
string is overwritten, not even temporarily.

Regards,

Alain

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Info-mtools] [PATCH] vfat: fix out-of-bounds write in autorename, Alain Knaff <=
- Re: [Info-mtools] [PATCH] vfat: fix out-of-bounds write in autorename, Arsen Arsenović, 2024/06/05

Prev by Date: [Info-mtools] GNU mtools 4.0.44 released
Next by Date: Re: [Info-mtools] [PATCH] vfat: fix out-of-bounds write in autorename
Previous by thread: [Info-mtools] GNU mtools 4.0.44 released
Next by thread: Re: [Info-mtools] [PATCH] vfat: fix out-of-bounds write in autorename
Index(es):
- Date
- Thread