rpms / e2fsprogs

Clone
Source Code
GIT

Blame SOURCES/e2fsprogs-1.42.9-libext2fs-avoid-buffer-overflow.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   c7
  2.   SOURCES
  3.   e2fsprogs-1.42.9-libext2fs-avoid-buffer-overflow.patch
Blob History Raw
0c4d09 
commit f66e6ce4446738c2c7f43d41988a3eb73347e2f5
0c4d09 
Author: Theodore Ts'o <tytso@mit.edu>
0c4d09 
Date:   Sat Aug 9 12:24:54 2014 -0400
0c4d09
0c4d09 
    libext2fs: avoid buffer overflow if s_first_meta_bg is too big
0c4d09
0c4d09 
    If s_first_meta_bg is greater than the of number block group
0c4d09 
    descriptor blocks, then reading or writing the block group descriptors
0c4d09 
    will end up overruning the memory buffer allocated for the
0c4d09 
    descriptors.  Fix this by limiting first_meta_bg to no more than
0c4d09 
    fs->desc_blocks.  This doesn't correct the bad s_first_meta_bg value,
0c4d09 
    but it avoids causing the e2fsprogs userspace programs from
0c4d09 
    potentially crashing.
0c4d09
0c4d09 
    Signed-off-by: Theodore Ts'o <tytso@mit.edu>
0c4d09
0c4d09 
Index: e2fsprogs-1.42.9/lib/ext2fs/closefs.c
0c4d09 
===================================================================
0c4d09 
--- e2fsprogs-1.42.9.orig/lib/ext2fs/closefs.c
0c4d09 
+++ e2fsprogs-1.42.9/lib/ext2fs/closefs.c
0c4d09 
@@ -336,9 +336,11 @@ errcode_t ext2fs_flush2(ext2_filsys fs,
0c4d09 
 	 * superblocks and group descriptors.
0c4d09 
 	 */
0c4d09 
 	group_ptr = (char *) group_shadow;
0c4d09 
-	if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG)
0c4d09 
+	if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG) {
0c4d09 
 		old_desc_blocks = fs->super->s_first_meta_bg;
0c4d09 
-	else
0c4d09 
+		if (old_desc_blocks > fs->super->s_first_meta_bg)
0c4d09 
+			old_desc_blocks = fs->desc_blocks;
0c4d09 
+	} else
0c4d09 
 		old_desc_blocks = fs->desc_blocks;
0c4d09
0c4d09 
 	ext2fs_numeric_progress_init(fs, &progress, NULL,
0c4d09 
Index: e2fsprogs-1.42.9/lib/ext2fs/openfs.c
0c4d09 
===================================================================
0c4d09 
--- e2fsprogs-1.42.9.orig/lib/ext2fs/openfs.c
0c4d09 
+++ e2fsprogs-1.42.9/lib/ext2fs/openfs.c
0c4d09 
@@ -348,9 +348,11 @@ errcode_t ext2fs_open2(const char *name,
0c4d09 
 #ifdef WORDS_BIGENDIAN
0c4d09 
 	groups_per_block = EXT2_DESC_PER_BLOCK(fs->super);
0c4d09 
 #endif
0c4d09 
-	if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG)
0c4d09 
+	if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG) {
0c4d09 
 		first_meta_bg = fs->super->s_first_meta_bg;
0c4d09 
-	else
0c4d09 
+		if (first_meta_bg > fs->desc_blocks)
0c4d09 
+			first_meta_bg = fs->desc_blocks;
0c4d09 
+	} else
0c4d09 
 		first_meta_bg = fs->desc_blocks;
0c4d09 
 	if (first_meta_bg) {
0c4d09 
 		retval = io_channel_read_blk(fs->io, group_block+1,

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation