path: root/ntfs-3g/CVE-2019-9755.patch

    1 From 85c1634a26faa572d3c558d4cf8aaaca5202d4e9 Mon Sep 17 00:00:00 2001
    2 From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre@wanadoo.fr>
    3 Date: Wed, 19 Dec 2018 15:57:50 +0100
    4 Subject: [PATCH] Fixed reporting an error when failed to build the mountpoint
    5 
    6 The size check was inefficient because getcwd() uses an unsigned int
    7 argument.
    8 ---
    9  src/lowntfs-3g.c | 6 +++++-
   10  src/ntfs-3g.c    | 6 +++++-
   11  2 files changed, 10 insertions(+), 2 deletions(-)
   12 
   13 diff --git a/src/lowntfs-3g.c b/src/lowntfs-3g.c
   14 index 993867fa..0660439b 100644
   15 --- a/src/lowntfs-3g.c
   16 +++ b/src/lowntfs-3g.c
   17 @@ -4411,7 +4411,8 @@ int main(int argc, char *argv[])
   18  	else {
   19  		ctx->abs_mnt_point = (char*)ntfs_malloc(PATH_MAX);
   20  		if (ctx->abs_mnt_point) {
   21 -			if (getcwd(ctx->abs_mnt_point,
   22 +			if ((strlen(opts.mnt_point) < PATH_MAX)
   23 +			    && getcwd(ctx->abs_mnt_point,
   24  				     PATH_MAX - strlen(opts.mnt_point) - 1)) {
   25  				strcat(ctx->abs_mnt_point, "/");
   26  				strcat(ctx->abs_mnt_point, opts.mnt_point);
   27 @@ -4419,6 +4420,9 @@ int main(int argc, char *argv[])
   28  			/* Solaris also wants the absolute mount point */
   29  				opts.mnt_point = ctx->abs_mnt_point;
   30  #endif /* defined(__sun) && defined (__SVR4) */
   31 +			} else {
   32 +				free(ctx->abs_mnt_point);
   33 +				ctx->abs_mnt_point = (char*)NULL;
   34  			}
   35  		}
   36  	}
   37 diff --git a/src/ntfs-3g.c b/src/ntfs-3g.c
   38 index 6ce89fef..4e0912ae 100644
   39 --- a/src/ntfs-3g.c
   40 +++ b/src/ntfs-3g.c
   41 @@ -4148,7 +4148,8 @@ int main(int argc, char *argv[])
   42  	else {
   43  		ctx->abs_mnt_point = (char*)ntfs_malloc(PATH_MAX);
   44  		if (ctx->abs_mnt_point) {
   45 -			if (getcwd(ctx->abs_mnt_point,
   46 +			if ((strlen(opts.mnt_point) < PATH_MAX)
   47 +			    && getcwd(ctx->abs_mnt_point,
   48  				     PATH_MAX - strlen(opts.mnt_point) - 1)) {
   49  				strcat(ctx->abs_mnt_point, "/");
   50  				strcat(ctx->abs_mnt_point, opts.mnt_point);
   51 @@ -4156,6 +4157,9 @@ int main(int argc, char *argv[])
   52  			/* Solaris also wants the absolute mount point */
   53  				opts.mnt_point = ctx->abs_mnt_point;
   54  #endif /* defined(__sun) && defined (__SVR4) */
   55 +			} else {
   56 +				free(ctx->abs_mnt_point);
   57 +				ctx->abs_mnt_point = (char*)NULL;
   58  			}
   59  		}
   60  	}
   61 -- 
   62 2.26.1