Use after free bug in FreeRTOS+FAT 160919a

Kernel
1

jjr-simiatec wrote on Monday, July 01, 2019:

Version: FreeRTOS-Plus-FAT-160919a-MIT

In ff_file.c: FF_Close() @ line 2970:

ffconfigFREE( pxFile );

if( FF_isERR( xError ) == pdFALSE )
{
    xError = FF_FlushCache( pxFile->pxIOManager ); /* Ensure all modified blocks are flushed to disk! */
}

Fix: move ffconfigFREE(…) after the if block.

2

jjr-simiatec wrote on Saturday, November 16, 2019:

deleted

3

jjr-simiatec wrote on Saturday, November 16, 2019:

Assigned CVE-2019-18178 and subsequently fixed.

References:

https://sourceforge.net/p/freertos/bugs/195/
https://sourceforge.net/p/freertos/bugs/199/