Security vulnerabilities and automated fixes for filesystem issues
5 posts found
A critical buffer overflow vulnerability in `kernel/filesystem.c` allowed malicious filesystem images to write beyond allocated buffer boundaries during header parsing. The fix adds proper bounds validation to ensure that sector data copies never exceed the allocated header buffer size, preventing heap corruption and potential code execution attacks.
A critical integer overflow vulnerability was discovered in the `__cstl_join` function in `opencstl/filesystem.h` that could allow attackers to trigger a heap buffer overflow by supplying crafted file path strings. The fix adds an explicit overflow check before the size calculation, returning NULL when the combined path lengths would wrap around the `size_type64` maximum value.
A critical buffer overflow vulnerability was discovered in `FreezeProject/src/fs.c`, where a custom `strcpy()` implementation was used at four separate call sites to copy user-controlled filenames into fixed-size buffers without any length checking. An attacker could supply a filename longer than the destination buffer to corrupt adjacent memory, potentially hijacking control flow or crashing the filesystem. The fix introduces a bounded `safe_strncpy()` helper that enforces the `MAX_FILENAME` li
A critical path traversal vulnerability (CWE-22) was discovered and patched in a TFTP server implementation where unsanitized filenames in write requests could allow attackers to overwrite arbitrary files on the host filesystem. This post breaks down how the vulnerability worked, how it was exploited, and what developers can do to prevent similar issues in their own code.
A medium-severity command injection vulnerability was discovered in the OSSFS service's file system operations, where subprocess.run() calls with shell=True or unsanitized user-controlled paths could allow attackers to execute arbitrary commands. This vulnerability highlights the critical importance of input validation and secure subprocess handling when dealing with user-provided file paths and mount points.