diff options
Diffstat (limited to 'debian/patches/CVE-2023-45897-out-of-bounds-memory-access')
-rw-r--r-- | debian/patches/CVE-2023-45897-out-of-bounds-memory-access | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/debian/patches/CVE-2023-45897-out-of-bounds-memory-access b/debian/patches/CVE-2023-45897-out-of-bounds-memory-access new file mode 100644 index 0000000..85a296f --- /dev/null +++ b/debian/patches/CVE-2023-45897-out-of-bounds-memory-access @@ -0,0 +1,67 @@ +Description: CVE-2023-45897 out-of-bounds memory access +Origin: https://github.com/exfatprogs/exfatprogs/commit/ec78688e5fb5a70e13df82b4c0da1e6228d3ccdf + https://github.com/exfatprogs/exfatprogs/commit/22d0e43e8d24119cbfc6efafabb0dec6517a86c4 + https://github.com/exfatprogs/exfatprogs/commit/4abc55e976573991e6a1117bb2b3711e59da07ae +Last-Update: 2023-10-31 +Index: exfatprogs/exfat2img/exfat2img.c +=================================================================== +--- exfatprogs.orig/exfat2img/exfat2img.c ++++ exfatprogs/exfat2img/exfat2img.c +@@ -319,7 +319,7 @@ static int read_file_dentry_set(struct e + if (!node) + return -ENOMEM; + +- for (i = 2; i <= file_de->file_num_ext; i++) { ++ for (i = 2; i <= MIN(file_de->file_num_ext, 1 + MAX_NAME_DENTRIES); i++) { + ret = exfat_de_iter_get(iter, i, &dentry); + if (ret || dentry->type != EXFAT_NAME) + break; +Index: exfatprogs/fsck/fsck.c +=================================================================== +--- exfatprogs.orig/fsck/fsck.c ++++ exfatprogs/fsck/fsck.c +@@ -769,7 +769,7 @@ ask_again: + char *rename = NULL; + __u16 hash; + struct exfat_dentry *stream_de; +- int name_len, ret; ++ int ret; + + switch (num) { + case 1: +@@ -798,11 +798,11 @@ ask_again: + if (ret < 0) + return ret; + ++ ret >>=1; + memcpy(dentry->name_unicode, utf16_name, ENTRY_NAME_MAX * 2); +- name_len = exfat_utf16_len(utf16_name, ENTRY_NAME_MAX * 2); +- hash = exfat_calc_name_hash(iter->exfat, utf16_name, (int)name_len); ++ hash = exfat_calc_name_hash(iter->exfat, utf16_name, ret); + exfat_de_iter_get_dirty(iter, 1, &stream_de); +- stream_de->stream_name_len = (__u8)name_len; ++ stream_de->stream_name_len = (__u8)ret; + stream_de->stream_name_hash = cpu_to_le16(hash); + } + +@@ -856,7 +856,7 @@ static int read_file_dentry_set(struct e + if (!node) + return -ENOMEM; + +- for (i = 2; i <= file_de->file_num_ext; i++) { ++ for (i = 2; i <= MIN(file_de->file_num_ext, 1 + MAX_NAME_DENTRIES); i++) { + ret = exfat_de_iter_get(iter, i, &dentry); + if (ret || dentry->type != EXFAT_NAME) { + if (i > 2 && repair_file_ask(iter, NULL, ER_DE_NAME, +Index: exfatprogs/include/exfat_ondisk.h +=================================================================== +--- exfatprogs.orig/include/exfat_ondisk.h ++++ exfatprogs/include/exfat_ondisk.h +@@ -40,6 +40,7 @@ + /* exFAT allows 8388608(256MB) directory entries */ + #define MAX_EXFAT_DENTRIES 8388608 + #define MIN_FILE_DENTRIES 3 ++#define MAX_NAME_DENTRIES 17 + + /* dentry types */ + #define MSDOS_DELETED 0xE5 /* deleted mark */ |