mirror of
https://github.com/pbatard/rufus.git
synced 2024-08-14 23:57:05 +00:00
[iso] fix a buffer overflow in iso9660/iso9660_fs.c
* Whereas the length of the buffer allocated for the UTF-8 filename string is the same length as the UCS-2 (which means it can store twice as many UTF-8 bytes as there are characters in the filename), it is still possible for the converted UTF-8 string to overflow this buffer if the name contains glyphs that use 3 or 4-byte sequences. * As a result, use strncpy with the actual size of the UTF-8 filename buffer (the following bytes are calloc'd to zero so the truncated string will be NUL terminated) and produce a warning if the filename is truncated. * Vulnerability discovered and reported by Mansour Gashasbi (@gashasbi).
This commit is contained in:
parent
4eda8d9d5c
commit
8a8e418751
2 changed files with 10 additions and 7 deletions
|
@ -865,8 +865,11 @@ _iso9660_recname_to_cstring(const char *src, size_t src_len,
|
||||||
cdio_utf8_t *p_psz_out = NULL;
|
cdio_utf8_t *p_psz_out = NULL;
|
||||||
|
|
||||||
if (cdio_charset_to_utf8(src, i_inlen, &p_psz_out, "UCS-2BE")) {
|
if (cdio_charset_to_utf8(src, i_inlen, &p_psz_out, "UCS-2BE")) {
|
||||||
if (cpy_result != NULL)
|
if (cpy_result != NULL) {
|
||||||
strcpy(cpy_result, p_psz_out);
|
strncpy(cpy_result, p_psz_out, i_inlen);
|
||||||
|
if (strlen(p_psz_out) > i_inlen)
|
||||||
|
cdio_warn("file name '%s' will be truncated", p_psz_out);
|
||||||
|
}
|
||||||
if (alloc_result != NULL)
|
if (alloc_result != NULL)
|
||||||
*alloc_result = p_psz_out;
|
*alloc_result = p_psz_out;
|
||||||
else
|
else
|
||||||
|
|
10
src/rufus.rc
10
src/rufus.rc
|
@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
|
||||||
IDD_DIALOG DIALOGEX 12, 12, 232, 326
|
IDD_DIALOG DIALOGEX 12, 12, 232, 326
|
||||||
STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
|
STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
|
||||||
EXSTYLE WS_EX_ACCEPTFILES
|
EXSTYLE WS_EX_ACCEPTFILES
|
||||||
CAPTION "Rufus 4.5.2125"
|
CAPTION "Rufus 4.5.2126"
|
||||||
FONT 9, "Segoe UI Symbol", 400, 0, 0x0
|
FONT 9, "Segoe UI Symbol", 400, 0, 0x0
|
||||||
BEGIN
|
BEGIN
|
||||||
LTEXT "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP
|
LTEXT "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP
|
||||||
|
@ -397,8 +397,8 @@ END
|
||||||
//
|
//
|
||||||
|
|
||||||
VS_VERSION_INFO VERSIONINFO
|
VS_VERSION_INFO VERSIONINFO
|
||||||
FILEVERSION 4,5,2125,0
|
FILEVERSION 4,5,2126,0
|
||||||
PRODUCTVERSION 4,5,2125,0
|
PRODUCTVERSION 4,5,2126,0
|
||||||
FILEFLAGSMASK 0x3fL
|
FILEFLAGSMASK 0x3fL
|
||||||
#ifdef _DEBUG
|
#ifdef _DEBUG
|
||||||
FILEFLAGS 0x1L
|
FILEFLAGS 0x1L
|
||||||
|
@ -416,13 +416,13 @@ BEGIN
|
||||||
VALUE "Comments", "https://rufus.ie"
|
VALUE "Comments", "https://rufus.ie"
|
||||||
VALUE "CompanyName", "Akeo Consulting"
|
VALUE "CompanyName", "Akeo Consulting"
|
||||||
VALUE "FileDescription", "Rufus"
|
VALUE "FileDescription", "Rufus"
|
||||||
VALUE "FileVersion", "4.5.2125"
|
VALUE "FileVersion", "4.5.2126"
|
||||||
VALUE "InternalName", "Rufus"
|
VALUE "InternalName", "Rufus"
|
||||||
VALUE "LegalCopyright", "<22> 2011-2024 Pete Batard (GPL v3)"
|
VALUE "LegalCopyright", "<22> 2011-2024 Pete Batard (GPL v3)"
|
||||||
VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html"
|
VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html"
|
||||||
VALUE "OriginalFilename", "rufus-4.5.exe"
|
VALUE "OriginalFilename", "rufus-4.5.exe"
|
||||||
VALUE "ProductName", "Rufus"
|
VALUE "ProductName", "Rufus"
|
||||||
VALUE "ProductVersion", "4.5.2125"
|
VALUE "ProductVersion", "4.5.2126"
|
||||||
END
|
END
|
||||||
END
|
END
|
||||||
BLOCK "VarFileInfo"
|
BLOCK "VarFileInfo"
|
||||||
|
|
Loading…
Reference in a new issue