ventoy / Ventoy

A new bootable USB solution.
https://www.ventoy.net
GNU General Public License v3.0

Possible race condition (CWE-362, CWE-20) #977

Open jishanshaikh4 opened 3 years ago

jishanshaikh4 commented 3 years ago

This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20).

LABEL: Bug / Vulnerability
SEVERITY: Critical
SOLUTION: No common direct solution available. Approach reconsideration is possibly the best option.

Instances found in the GitHub repository:

jishanshaikh4 commented 3 years ago

This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362).

LABEL: Bug / Vulnerability
SEVERITY: Critical
Solution: Use fchown() instead.

Instances found:
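Added example, not part of the issue and not Ventoy code: a C sketch of the two mitigations the comments above point at, a link read that always NUL-terminates its result and an ownership change made through a file descriptor instead of a path. The function names `readlink_nul` and `chown_regular_file` are hypothetical, and the policy of accepting only regular files is an assumption.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* O_NOFOLLOW, O_CLOEXEC, readlink, fchown */
#endif
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* readlink(2) does not append a NUL byte: reserve one and add it.
 * Returns the target length, or -1 on error or possible truncation. */
ssize_t readlink_nul(const char *path, char *buf, size_t size)
{
    if (size == 0) { errno = EINVAL; return -1; }
    ssize_t n = readlink(path, buf, size - 1);
    if (n < 0)
        return -1;
    if ((size_t)n == size - 1) {      /* buffer filled: target may be cut */
        errno = ENAMETOOLONG;
        return -1;
    }
    buf[n] = '\0';
    return n;
}

/* Open once, then check and change the same object through the
 * descriptor; a later rename or relink of `path` has no effect.
 * Returns 0 on success, -1 on error (errno set). */
int chown_regular_file(const char *path, uid_t uid, gid_t gid)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;                    /* final component a symlink: refused */
    struct stat st;
    int rc = -1;
    if (fstat(fd, &st) == 0) {
        if (S_ISREG(st.st_mode))
            rc = fchown(fd, uid, gid);
        else
            errno = EINVAL;           /* not a regular file */
    }
    int saved = errno;
    close(fd);
    errno = saved;
    return rc;
}
```

`O_NOFOLLOW` only guards the final path component; a symlink in a parent directory is still followed, so directories writable by other users need `openat()` relative to a trusted directory descriptor.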