From 0c613eb416e08ed68c5f7255847dd1362b07abb3 Mon Sep 17 00:00:00 2001
From: qiaojijun <qiaojijun@kylinos.cn>
Date: Mon, 17 Jun 2024 10:58:05 +0800
Subject: [PATCH] fix CVE-2023-52890

from: https://github.com/tuxera/ntfs-3g/commit/75dcdc2cf37478fad6c0e3427403d198b554951d
(cherry picked from commit 0e6b06b25a7061bdd9e7f3325940058209e79445)
---
 3000-CVE-2023-52890.patch | 37 +++++++++++++++++++++++++++++++++++++
 ntfs-3g.spec              |  7 ++++++-
 2 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 3000-CVE-2023-52890.patch

diff --git a/3000-CVE-2023-52890.patch b/3000-CVE-2023-52890.patch
new file mode 100644
index 0000000..2f7443a
--- /dev/null
+++ b/3000-CVE-2023-52890.patch
@@ -0,0 +1,37 @@
+From 75dcdc2cf37478fad6c0e3427403d198b554951d Mon Sep 17 00:00:00 2001
+From: Erik Larsson <erik@tuxera.com>
+Date: Tue, 13 Jun 2023 17:47:15 +0300
+Subject: [PATCH] unistr.c: Fix use-after-free in 'ntfs_uppercase_mbs'.
+
+If 'utf8_to_unicode' throws an error due to an invalid UTF-8 sequence,
+then 'n' will be less than 0 and the loop will terminate without storing
+anything in '*t'. After the loop the uppercase string's allocation is
+freed, however after it is freed it is unconditionally accessed through
+'*t', which points into the freed allocation, for the purpose of NULL-
+terminating the string. This leads to a use-after-free.
+Fixed by only NULL-terminating the string when no error has been thrown.
+
+Thanks for Jeffrey Bencteux for reporting this issue:
+https://github.com/tuxera/ntfs-3g/issues/84
+---
+ libntfs-3g/unistr.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libntfs-3g/unistr.c b/libntfs-3g/unistr.c
+index 5854b3b7..db8ddf42 100644
+--- a/libntfs-3g/unistr.c
++++ b/libntfs-3g/unistr.c
+@@ -1189,8 +1189,9 @@ char *ntfs_uppercase_mbs(const char *low,
+ 			free(upp);
+ 			upp = (char*)NULL;
+ 			errno = EILSEQ;
++		} else {
++			*t = 0;
+ 		}
+-		*t = 0;
+ 	}
+ 	return (upp);
+ }
+-- 
+2.20.1
+
diff --git a/ntfs-3g.spec b/ntfs-3g.spec
index de134f8..e08221e 100644
--- a/ntfs-3g.spec
+++ b/ntfs-3g.spec
@@ -1,6 +1,6 @@
 Name:          ntfs-3g
 Version:       2022.5.17
-Release:       2
+Release:       3
 Epoch:         2
 Summary:       Linux NTFS userspace driver
 License:       GPLv2+
@@ -11,6 +11,8 @@ Patch1:        add-version-and-help-usage.patch
 Patch2:	       CVE-2022-40284_1.patch
 Patch3:        CVE-2022-40284_2.patch
 
+Patch3000:        3000-CVE-2023-52890.patch
+
 BuildRequires: libtool, libattr-devel, libconfig-devel, libgcrypt-devel, gnutls-devel, libuuid-devel
 Provides:      ntfsprogs-fuse = %{epoch}:%{version}-%{release}
 Obsoletes:     ntfsprogs-fuse
@@ -91,6 +93,9 @@ rm -rf $RPM_BUILD_ROOT%{_defaultdocdir}/%{name}/README
 %{_mandir}/man*/*
 
 %changelog
+* Mon Jun 17 2024 qiaojijun<qiaojijun@kylinos.cn> - 2:2022.5.17-3
+- fix CVE-2023-52890
+
 * Thu Nov 10 2022 liyuxiang<liyuxiang@ncti-gba.cn> - 2:2022.5.17-2
 - fix CVE-2022-40284
 
-- 
Gitee