Stack smashing vulnerability in f2fs dump_file function #265
Description
When dumping file, and it fails and prompts you into writing to ./lost_found there is a stash smashing vulnerability.
It allocates 255 bytes on the stack for ans
char ans[255] = {0};Then, without any bounds checking feeds user input into it.
printf("Do you want to dump this file into ./lost_found/? [Y/N] ");
ret = scanf("%s", ans);Under certain conditions, this can lead to an arbitrary code execution.
Vulnerable files:
src/f2fs/dump.c