Hi Eric,

Eric Biggers wrote:
> Hi Jean-Pierre,
>
> Are you going to be reviewing/applying any of these other patches?  (Excluding
> the "ACE validation fixes" one which will need to be reworked once the desired
> behavior is agreed on.)

I considered as valid all your proposed patches which I did not
react to, and they are merged into the latest advanced version
(http://jp-andre.pagesperso-orange.fr/advanced-ntfs-3g.html).

This is sort of a release candidate for a stable version
which could be released next year, and from now on, only fixes
for major bugs are to be merged until the stable version is
released.

I am waiting for a green light from Tuxera for merging them
into the git.

Regards

Jean-Pierre

> I've also found a bug in lowntfs-3g regarding the reparse plugin support, so
> I'll send a patch for that too.
>
> Thanks,
>
> Eric
>
> On Wed, Sep 14, 2016 at 11:39:07PM -0700, Eric Biggers wrote:
>> utf16_to_utf8_size() was not guaranteed to fail with ENAMETOOLONG if the
>> computed length was greater than @outs_len.  This could cause a buffer
>> overrun in ntfs_utf16_to_utf8().  This was a bug introduced by the
>> patches to allow broken Unicode.  Fix it.
>>
>> Signed-off-by: Eric Biggers <ebigge...@gmail.com>
>> ---
>>   libntfs-3g/unistr.c | 26 +++++++++++++++++---------
>>   1 file changed, 17 insertions(+), 9 deletions(-)
>>
>> diff --git a/libntfs-3g/unistr.c b/libntfs-3g/unistr.c
>> index 4d33bb4..190dbd8 100644
>> --- a/libntfs-3g/unistr.c
>> +++ b/libntfs-3g/unistr.c
>> @@ -458,10 +458,15 @@ void ntfs_file_value_upcase(FILE_NAME_ATTR 
>> *file_name_attr,
>>   */
>>
>>   /*
>> - * Return the amount of 8-bit elements in UTF-8 needed (without the 
>> terminating
>> - * null) to store a given UTF-16LE string.
>> + * Return the number of bytes in UTF-8 needed (without the terminating 
>> null) to
>> + * store the given UTF-16LE string.
>>    *
>> - * Return -1 with errno set if string has invalid byte sequence or too long.
>> + * On error, -1 is returned, and errno is set to the error code. The 
>> following
>> + * error codes can be expected:
>> + *  EILSEQ          The input string is not valid UTF-16LE (only possible
>> + *                  if compiled without ALLOW_BROKEN_UNICODE).
>> + *  ENAMETOOLONG    The length of the UTF-8 string in bytes (without the
>> + *                  terminating null) would exceed @outs_len.
>>    */
>>   static int utf16_to_utf8_size(const ntfschar *ins, const int ins_len, int 
>> outs_len)
>>   {
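Review bot: the new comment above utf16_to_utf8_size() defines @outs_len as a byte limit that excludes the terminating null, but it never tells the caller that the destination buffer therefore has to hold @outs_len + 1 bytes. The commit message ties this function's result to a buffer overrun in ntfs_utf16_to_utf8(), so the comment should spell that sizing contract out. It should also state the unit of @ins_len (UTF-16 code units, going by the `ntfschar *ins` parameter) so that each call site can be checked against it.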
>> @@ -470,7 +475,7 @@ static int utf16_to_utf8_size(const ntfschar *ins, const 
>> int ins_len, int outs_l
>>      BOOL surrog;
>>
>>      surrog = FALSE;
>> -    for (i = 0; i < ins_len && ins[i]; i++) {
>> +    for (i = 0; i < ins_len && ins[i] && count <= outs_len; i++) {
>>              unsigned short c = le16_to_cpu(ins[i]);
>>              if (surrog) {
>>                      if ((c >= 0xdc00) && (c < 0xe000)) {
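Review bot: the `count <= outs_len` term added to the `for` condition is only an early exit, since it tests the count left by the previous iteration; the check that actually enforces the limit is the `if (count > outs_len)` that the patch places after the loop. A short comment on the loop saying so would keep a later cleanup from treating one of the two checks as redundant and removing the wrong one.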
>> @@ -511,17 +516,20 @@ static int utf16_to_utf8_size(const ntfschar *ins, 
>> const int ins_len, int outs_l
>>                              count += 3;
>>                      else
>>                              goto fail;
>> -            if (count > outs_len) {
>> -                    errno = ENAMETOOLONG;
>> -                    goto out;
>> -            }
>>      }
>> -    if (surrog)
>> +
>> +    if (surrog && count <= outs_len) {
>>   #if ALLOW_BROKEN_UNICODE
>>              count += 3; /* ending with a single surrogate */
>>   #else
>>              goto fail;
>>   #endif /* ALLOW_BROKEN_UNICODE */
>> +    }
>> +
>> +    if (count > outs_len) {
>> +            errno = ENAMETOOLONG;
>> +            goto out;
>> +    }
>>
>>      ret = count;
>>   out:
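Review bot: in `if (surrog && count <= outs_len) {` the extra `count <= outs_len` test needs a one-line comment. The loop now leaves through its condition instead of `goto out`, so this block is reached even when the limit is already exceeded, and without the guard that case could end in `goto fail` instead of ENAMETOOLONG. The part that closes the overrun is that `if (count > outs_len)` now runs after `count += 3; /* ending with a single surrogate */`, an increment the removed in-loop check never covered. A regression test would pin this down: built with ALLOW_BROKEN_UNICODE, a string that ends in a lone surrogate and whose UTF-8 size exceeds @outs_len by one to three bytes should return -1 with errno set to ENAMETOOLONG.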
>> --
>> 2.9.3
>>
>


_______________________________________________
ntfs-3g-devel mailing list
ntfs-3g-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ntfs-3g-devel
