svn commit: r526435 - in branches/2020Q1/sysutils/e2fsprogs: . files
Matthias Andree
mandree at FreeBSD.org
Mon Feb 17 22:14:34 UTC 2020
Author: mandree
Date: Mon Feb 17 22:14:32 2020
New Revision: 526435
URL: https://svnweb.freebsd.org/changeset/ports/526435
Log:
MFH: r526434
sysutils/e2fsprogs: Fix powerpc32 build/self-tests
libext2fs: avoid array buffer overruns caused by insane directory blocks
PR: 242798
Reported by: canardo909 at gmx.com
Obtained from: Theodore Y. Ts'o <tytso at mit.edu> (upstream maintainer)
Approved by: ports-secteam (blanket, fixing broken self-test by small patch)
Added:
branches/2020Q1/sysutils/e2fsprogs/files/patch-lib_ext2fs_swapfs.c
- copied unchanged from r526434, head/sysutils/e2fsprogs/files/patch-lib_ext2fs_swapfs.c
Modified:
branches/2020Q1/sysutils/e2fsprogs/Makefile
Directory Properties:
branches/2020Q1/ (props changed)
Modified: branches/2020Q1/sysutils/e2fsprogs/Makefile
==============================================================================
--- branches/2020Q1/sysutils/e2fsprogs/Makefile Mon Feb 17 21:54:23 2020 (r526434)
+++ branches/2020Q1/sysutils/e2fsprogs/Makefile Mon Feb 17 22:14:32 2020 (r526435)
@@ -3,7 +3,7 @@
PORTNAME= e2fsprogs
PORTVERSION= 1.45.5
-PORTREVISION?= 0
+PORTREVISION?= 1
CATEGORIES?= sysutils
MASTER_SITES= KERNEL_ORG/linux/kernel/people/tytso/${PORTNAME}/v${PORTVERSION}
@@ -16,8 +16,6 @@ LICENSE_FILE?= ${WRKSRC}/NOTICE
.endif
LICENSE_DISTFILES_GPLv2+ = ${DISTNAME}${EXTRACT_SUFX}
-PORTSCOUT= ignore # cannot handle the version in the directory
-
USES= cpe gmake makeinfo pkgconfig tar:xz
CPE_VENDOR= e2fsprogs_project
USE_CSTD= gnu99
@@ -43,6 +41,8 @@ CONFIGURE_ARGS?=--disable-fsck \
CPPFLAGS+= -I${WRKSRC}/lib -I${LOCALBASE}/include # -D_EXT2_USE_C_VERSIONS
MAKE_ARGS+= pkgconfigdir='${PREFIX}/libdata/pkgconfig'
MAKE_ENV+= CHECK_CMD=@true
+
+PORTSCOUT= ignore # cannot handle the version in the directory
.if !defined(MASTERDIR)
INSTALL_TARGET= install install-libs
Copied: branches/2020Q1/sysutils/e2fsprogs/files/patch-lib_ext2fs_swapfs.c (from r526434, head/sysutils/e2fsprogs/files/patch-lib_ext2fs_swapfs.c)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2020Q1/sysutils/e2fsprogs/files/patch-lib_ext2fs_swapfs.c Mon Feb 17 22:14:32 2020 (r526435, copy of r526434, head/sysutils/e2fsprogs/files/patch-lib_ext2fs_swapfs.c)
@@ -0,0 +1,59 @@
+Author: Theodore Ts'o <tytso at mit.edu>
+
+ libext2fs: avoid array buffer overruns caused by insane directory blocks
+
+ Reported-by: canardo909 at gmx.com
+ Signed-off-by: Theodore Ts'o <tytso at mit.edu>
+
+Additionally line 441 was modified to "return 0" after e-mail exchange
+between Canardo and Theodore. // mandree at FreeBSD.org 2020-02-17
+
+--- lib/ext2fs/swapfs.c.orig 2020-01-06 23:10:17 UTC
++++ lib/ext2fs/swapfs.c
+@@ -416,10 +416,11 @@ errcode_t ext2fs_dirent_swab_in2(ext2_filsys fs, char
+ errcode_t retval;
+ char *p, *end;
+ struct ext2_dir_entry *dirent;
+- unsigned int name_len, rec_len;
++ unsigned int name_len, rec_len, left;
+
+ p = (char *) buf;
+ end = (char *) buf + size;
++ left = size;
+ while (p < end-8) {
+ dirent = (struct ext2_dir_entry *) p;
+ dirent->inode = ext2fs_swab32(dirent->inode);
+@@ -436,6 +437,9 @@ errcode_t ext2fs_dirent_swab_in2(ext2_filsys fs, char
+ retval = EXT2_ET_DIR_CORRUPTED;
+ } else if (((name_len & 0xFF) + 8) > rec_len)
+ retval = EXT2_ET_DIR_CORRUPTED;
++ if (rec_len > left)
++ return 0;
++ left -= rec_len;
+ p += rec_len;
+ }
+
+@@ -452,11 +456,12 @@ errcode_t ext2fs_dirent_swab_out2(ext2_filsys fs, char
+ {
+ errcode_t retval;
+ char *p, *end;
+- unsigned int rec_len;
++ unsigned int rec_len, left;
+ struct ext2_dir_entry *dirent;
+
+ p = buf;
+ end = buf + size;
++ left = size;
+ while (p < end) {
+ dirent = (struct ext2_dir_entry *) p;
+ retval = ext2fs_get_rec_len(fs, dirent, &rec_len);
+@@ -471,6 +476,9 @@ errcode_t ext2fs_dirent_swab_out2(ext2_filsys fs, char
+ dirent->inode = ext2fs_swab32(dirent->inode);
+ dirent->rec_len = ext2fs_swab16(dirent->rec_len);
+ dirent->name_len = ext2fs_swab16(dirent->name_len);
++ if (rec_len > size)
++ return EXT2_ET_DIR_CORRUPTED;
++ size -= rec_len;
+
+ if (flags & EXT2_DIRBLOCK_V2_STRUCT)
+ dirent->name_len = ext2fs_swab16(dirent->name_len);
More information about the svn-ports-all
mailing list