FreeRTOS Real Time Kernel (RTOS) / Bugs / #195 Use after free bug in FreeRTOS+FAT 160919a

#195 Use after free bug in FreeRTOS+FAT 160919a

Milestone: v1.0 (example)

Status: closed-fixed

Owner: nobody

Labels: None

Priority: 5

Updated: 2020-02-21

Created: 2019-07-02

Creator: John Robertson

Private: No

Version: FreeRTOS-Plus-FAT-160919a-MIT
In ff_file.c: FF_Close() @ line 2970:

ffconfigFREE( pxFile );

if( FF_isERR( xError ) == pdFALSE )
{
    xError = FF_FlushCache( pxFile->pxIOManager ); /* Ensure all modified blocks are flushed to disk! */
}

Fix: move ffconfigFREE(...) after the if block.

Discussion

Yuhui Zheng - 2019-11-15

Hi John,

Thank you for the proposal. CVE-2019-18178 has been addressed and the most recent code could be found here -- https://www.freertos.org/FreeRTOS-Labs/RTOS_labs_download.html.

Regards,

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Richard Barry - 2020-02-21

status: open --> closed-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Use after free bug in FreeRTOS+FAT 160919a

Market leading real time kernel for 40+ microcontroller architectures

Group

Searches

Help

#195 Use after free bug in FreeRTOS+FAT 160919a

Discussion