git: usr.sbin/fstyp: Fix intra-object buffer overread for labeled msdosfs volumes

Tomohiro Kusumi tkusumi at crater.dragonflybsd.org
Wed Nov 3 06:47:32 PDT 2021


commit bc425cd926be5780293e34a801f97124ce041690
Author: Tomohiro Kusumi <tkusumi at netbsd.org>
Date:   Wed Nov 3 22:35:00 2021 +0900

    usr.sbin/fstyp: Fix intra-object buffer overread for labeled msdosfs volumes
    
    Volume labels, like directory entries, are padded with spaces and so
    have no NUL terminator. Whilst the MIN for the dsize argument to strlcpy
    ensures that the copy does not overflow the destination, strlcpy is
    defined to return the number of characters in the source string,
    regardless of the provided dsize, and so keeps reading until it finds a
    NUL, which likely exists somewhere within the following fields, but on
    CHERI with the subobject bounds enabled in the compiler this buffer
    overread will be detected and trap with a bounds violation.
    
    taken from FreeBSD
    34fb1c133c5b8616f14f1d740d99747b427f5571
    63d24336fd1aad81a4bdefb11d8c487cee5f88a0

Summary of changes:
 usr.sbin/fstyp/msdosfs.c | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/bc425cd926be5780293e34a801f97124ce041690


-- 
DragonFly BSD source repository
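
The overread described in the commit message, as an added example that is not code from this commit or from fstyp: a local stand-in with strlcpy's return-value contract is run over a constructed label field, next to a bounded copy that never reads past the field. The names `sample`, `LABEL_LEN`, `demo_strlcpy` and `copy_padded_label`, and the 11-byte field size, are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define LABEL_LEN 11	/* assumed size of the space-padded label field */

/* Constructed sample: 11-byte label, an 8-byte following field, then NUL. */
static const unsigned char sample[] = "NO NAME    FAT16   ";

/* Local stand-in with strlcpy's contract: stores at most dsize-1 bytes but
 * returns strlen(src), so src is scanned up to its NUL whatever dsize is.
 * *src_read reports how many source bytes were examined. */
static size_t
demo_strlcpy(char *dst, const unsigned char *src, size_t dsize, size_t *src_read)
{
	size_t n;

	for (n = 0; src[n] != '\0'; n++)
		if (n + 1 < dsize)
			dst[n] = (char)src[n];
	if (dsize > 0)
		dst[n < dsize ? n : dsize - 1] = '\0';
	*src_read = n + 1;	/* the terminating NUL was read too */
	return (n);
}

/* Bounded copy: reads exactly min(srclen, dsize-1) bytes, trims padding. */
static size_t
copy_padded_label(char *dst, size_t dsize, const unsigned char *src, size_t srclen)
{
	size_t n;

	if (dsize == 0)
		return (0);
	n = srclen < dsize - 1 ? srclen : dsize - 1;
	memcpy(dst, src, n);
	while (n > 0 && dst[n - 1] == ' ')
		n--;
	dst[n] = '\0';
	return (n);
}

int main(void)
{
	char dst[LABEL_LEN + 1];
	size_t rd, len = demo_strlcpy(dst, sample, sizeof(dst), &rd);
	printf("strlcpy contract: returned %zu, examined %zu source bytes "
	    "for a %d-byte field\n", len, rd, LABEL_LEN);
	len = copy_padded_label(dst, sizeof(dst), sample, LABEL_LEN);
	printf("bounded copy: \"%s\" (%zu bytes)\n", dst, len);
	return (0);
}
```

The destination is never overflowed in either case; the difference is only in how far the source is read, which is what subobject bounds on CHERI enforce.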

