git: usr.sbin/fstyp: Fix intra-object buffer overread for labeled msdosfs volumes
Tomohiro Kusumi
tkusumi at crater.dragonflybsd.org
Wed Nov 3 06:47:32 PDT 2021
commit bc425cd926be5780293e34a801f97124ce041690
Author: Tomohiro Kusumi <tkusumi at netbsd.org>
Date: Wed Nov 3 22:35:00 2021 +0900
usr.sbin/fstyp: Fix intra-object buffer overread for labeled msdosfs volumes
Volume labels, like directory entries, are padded with spaces and so
have no NUL terminator. Whilst the MIN for the dsize argument to strlcpy
ensures that the copy does not overflow the destination, strlcpy is
defined to return the number of characters in the source string,
regardless of the provided dsize, and so keeps reading until it finds a
NUL, which likely exists somewhere within the following fields, but On
CHERI with the subobject bounds enabled in the compiler this buffer
overread will be detected and trap with a bounds violation.
taken from FreeBSD
34fb1c133c5b8616f14f1d740d99747b427f5571
63d24336fd1aad81a4bdefb11d8c487cee5f88a0
Summary of changes:
usr.sbin/fstyp/msdosfs.c | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)
http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/bc425cd926be5780293e34a801f97124ce041690
--
DragonFly BSD source repository
More information about the Commits
mailing list