Re: [Info-mtools] [PATCH] vfat: fix out-of-bounds write in autorename

info-mtools

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Info-mtools] [PATCH] vfat: fix out-of-bounds write in autorename

From:	Arsen Arsenović
Subject:	Re: [Info-mtools] [PATCH] vfat: fix out-of-bounds write in autorename
Date:	Thu, 06 Jun 2024 00:37:32 +0200

Hi,

Alain Knaff via Info-mtools <info-mtools@gnu.org> writes:

> Hi,
>
> On 25/11/2023 23:35, Arsen Arsenović wrote:
>> In vfat.c:autorename, the rename routine updates the trailing two
>> characters of the non-null-terminated dos_name::base using sprintf,
>> however, sprintf writes a null terminator one past the end of the
>> buffer.
>
> The original contents (first character of 3 char extension) was saved,
> and then restored afterwards

Yes, I figured it worked despite it.

>>  To prevent this, we can use snprintf with and pass it the
>> output buffer size.
>
> Unfortunately this does not what is intended, as it just writes the null
> terminator one character early, thus losing the version number after the
> tilda (or at least its last digit)

Ah!  I confused my trimming behavior with other functions.

> I addressed the issue in 4.0.44 by implementing a non-terminating
> fmt_num function in mtools itself instead. Now, no character outside the
> string is overwritten, not even temporarily.

Thanks, will test soon.

Have a lovely day.
-- 
Arsen Arsenović

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Info-mtools] [PATCH] vfat: fix out-of-bounds write in autorename, Alain Knaff, 2024/06/02
- Re: [Info-mtools] [PATCH] vfat: fix out-of-bounds write in autorename, Arsen Arsenović <=

Prev by Date: Re: [Info-mtools] [PATCH] vfat: fix out-of-bounds write in autorename
Previous by thread: Re: [Info-mtools] [PATCH] vfat: fix out-of-bounds write in autorename
Index(es):
- Date
- Thread