1 From d05276dc1d6de119da518d62930b9a8ef55ef7e9 Mon Sep 17 00:00:00 2001
2 From: Yousong Zhou <yszhou4tech@gmail.com>
3 Date: Fri, 25 Oct 2019 10:48:47 +0000
4 Subject: [PATCH] libblkid-tiny: ntfs: fix use-after-free
6 The memory pointed to by ns can be reallocated when checking mft records
10 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
12 libblkid-tiny/ntfs.c | 12 +++++++-----
13 1 file changed, 7 insertions(+), 5 deletions(-)
15 --- a/libblkid-tiny/ntfs.c
16 +++ b/libblkid-tiny/ntfs.c
17 @@ -88,6 +88,7 @@ static int probe_ntfs(blkid_probe pr, co
19 uint32_t sectors_per_cluster, mft_record_size;
21 + uint64_t volume_serial;
22 uint64_t nr_clusters, off; //, attr_off;
23 unsigned char *buf_mft;
25 @@ -148,15 +149,16 @@ static int probe_ntfs(blkid_probe pr, co
29 + volume_serial = ns->volume_serial;
30 off = le64_to_cpu(ns->mft_cluster_location) * sector_size *
33 DBG(LOWPROBE, ul_debug("NTFS: sector_size=%"PRIu16", mft_record_size=%"PRIu32", "
34 "sectors_per_cluster=%"PRIu32", nr_clusters=%"PRIu64" "
35 - "cluster_offset=%"PRIu64"",
36 + "cluster_offset=%"PRIu64", volume_serial=%"PRIu64"",
37 sector_size, mft_record_size,
38 sectors_per_cluster, nr_clusters,
40 + off, volume_serial));
42 buf_mft = blkid_probe_get_buffer(pr, off, mft_record_size);
44 @@ -207,9 +209,9 @@ static int probe_ntfs(blkid_probe pr, co
47 blkid_probe_sprintf_uuid(pr,
48 - (unsigned char *) &ns->volume_serial,
49 - sizeof(ns->volume_serial),
50 - "%016" PRIX64, le64_to_cpu(ns->volume_serial));
51 + (unsigned char *) &volume_serial,
52 + sizeof(volume_serial),
53 + "%016" PRIX64, le64_to_cpu(volume_serial));
projects / openwrt / openwrt.git / blob