FS#33248 - [dosfstools] out of bounds write breaks fsck.vfat -a when compiled with _FORTIFY_SOURCE=2
Attached to Project:
Arch Linux
Opened by . (Thralas) - Sunday, 30 December 2012, 18:43 GMT
Last edited by Tobias Powalowski (tpowa) - Wednesday, 02 January 2013, 14:42 GMT
Opened by . (Thralas) - Sunday, 30 December 2012, 18:43 GMT
Last edited by Tobias Powalowski (tpowa) - Wednesday, 02 January 2013, 14:42 GMT
|
Details
fsck.vfat -a triggers a fortify failure, as a sprintf in
check.c:177 overflows de->name by 1 byte (into
de->ext, which suggests that it might have been the
author's intention).
$ fsck.vfat -a broken_fat.img dosfsck 3.0.13, 30 Jun 2012, FAT32, LFN FATs differ - using first FAT. *** buffer overflow detected ***: fsck.vfat terminated I can't find an upstream bugtracker, but as the Debian maintainer is the dosfstools author, I've responded to an existing bugtracker entry describing the same issue [1]. Unfortunately, the maintainer doesn't seem to have responded to those bug reports, neither did the patch by Red Hat [2] (which was supposedly sent upstream) end up in a release. Perhaps we should apply the Red Hat patch (see [2]) in the meantime? I've also attached my own patch, which is a bit more elaborate/robust. Relevant bug tracker entries: [1]: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691093 (Debian, upstream?) [2]: https://bugzilla.redhat.com/show_bug.cgi?id=674095 (Red Hat) Steps to reproduce: |
This task depends upon
Closed by Tobias Powalowski (tpowa)
Wednesday, 02 January 2013, 14:42 GMT
Reason for closing: Fixed
Additional comments about closing: 3.0.13-2
Wednesday, 02 January 2013, 14:42 GMT
Reason for closing: Fixed
Additional comments about closing: 3.0.13-2