mirror of
https://github.com/pbatard/rufus.git
synced 2024-08-14 23:57:05 +00:00
[iso] fix a buffer overflow in iso9660/iso9660_fs.c
* Whereas the length of the buffer allocated for the UTF-8 filename string is the same length as the UCS-2 (which means it can store twice as many UTF-8 bytes as there are characters in the filename), it is still possible for the converted UTF-8 string to overflow this buffer if the name contains glyphs that use 3 or 4-byte sequences. * As a result, use strncpy with the actual size of the UTF-8 filename buffer (the following bytes are calloc'd to zero so the truncated string will be NUL terminated) and produce a warning if the filename is truncated. * Vulnerability discovered and reported by Mansour Gashasbi (@gashasbi).
This commit is contained in:
parent
4eda8d9d5c
commit
8a8e418751
2 changed files with 10 additions and 7 deletions
|
@ -865,8 +865,11 @@ _iso9660_recname_to_cstring(const char *src, size_t src_len,
|
|||
cdio_utf8_t *p_psz_out = NULL;
|
||||
|
||||
if (cdio_charset_to_utf8(src, i_inlen, &p_psz_out, "UCS-2BE")) {
|
||||
if (cpy_result != NULL)
|
||||
strcpy(cpy_result, p_psz_out);
|
||||
if (cpy_result != NULL) {
|
||||
strncpy(cpy_result, p_psz_out, i_inlen);
|
||||
if (strlen(p_psz_out) > i_inlen)
|
||||
cdio_warn("file name '%s' will be truncated", p_psz_out);
|
||||
}
|
||||
if (alloc_result != NULL)
|
||||
*alloc_result = p_psz_out;
|
||||
else
|
||||
|
|
10
src/rufus.rc
10
src/rufus.rc
|
@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
|
|||
IDD_DIALOG DIALOGEX 12, 12, 232, 326
|
||||
STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
|
||||
EXSTYLE WS_EX_ACCEPTFILES
|
||||
CAPTION "Rufus 4.5.2125"
|
||||
CAPTION "Rufus 4.5.2126"
|
||||
FONT 9, "Segoe UI Symbol", 400, 0, 0x0
|
||||
BEGIN
|
||||
LTEXT "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP
|
||||
|
@ -397,8 +397,8 @@ END
|
|||
//
|
||||
|
||||
VS_VERSION_INFO VERSIONINFO
|
||||
FILEVERSION 4,5,2125,0
|
||||
PRODUCTVERSION 4,5,2125,0
|
||||
FILEVERSION 4,5,2126,0
|
||||
PRODUCTVERSION 4,5,2126,0
|
||||
FILEFLAGSMASK 0x3fL
|
||||
#ifdef _DEBUG
|
||||
FILEFLAGS 0x1L
|
||||
|
@ -416,13 +416,13 @@ BEGIN
|
|||
VALUE "Comments", "https://rufus.ie"
|
||||
VALUE "CompanyName", "Akeo Consulting"
|
||||
VALUE "FileDescription", "Rufus"
|
||||
VALUE "FileVersion", "4.5.2125"
|
||||
VALUE "FileVersion", "4.5.2126"
|
||||
VALUE "InternalName", "Rufus"
|
||||
VALUE "LegalCopyright", "<22> 2011-2024 Pete Batard (GPL v3)"
|
||||
VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html"
|
||||
VALUE "OriginalFilename", "rufus-4.5.exe"
|
||||
VALUE "ProductName", "Rufus"
|
||||
VALUE "ProductVersion", "4.5.2125"
|
||||
VALUE "ProductVersion", "4.5.2126"
|
||||
END
|
||||
END
|
||||
BLOCK "VarFileInfo"
|
||||
|
|
Loading…
Reference in a new issue