Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 17 Feb 2020 22:14:33 +0000 (UTC)
From:      Matthias Andree <mandree@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject:   svn commit: r526435 - in branches/2020Q1/sysutils/e2fsprogs: . files
Message-ID:  <202002172214.01HMEXTb044909@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: mandree
Date: Mon Feb 17 22:14:32 2020
New Revision: 526435
URL: https://svnweb.freebsd.org/changeset/ports/526435

Log:
  MFH: r526434
  
  sysutils/e2fsprogs: Fix powerpc32 build/self-tests
  libext2fs: avoid array buffer overruns caused by insane directory blocks
  
  PR:		242798
  Reported by:	canardo909@gmx.com
  Obtained from:	Theodore Y. Ts'o <tytso@mit.edu> (upstream maintainer)
  
  Approved by:	ports-secteam (blanket, fixing broken self-test by small patch)

Added:
  branches/2020Q1/sysutils/e2fsprogs/files/patch-lib_ext2fs_swapfs.c
     - copied unchanged from r526434, head/sysutils/e2fsprogs/files/patch-lib_ext2fs_swapfs.c
Modified:
  branches/2020Q1/sysutils/e2fsprogs/Makefile
Directory Properties:
  branches/2020Q1/   (props changed)

Modified: branches/2020Q1/sysutils/e2fsprogs/Makefile
==============================================================================
--- branches/2020Q1/sysutils/e2fsprogs/Makefile	Mon Feb 17 21:54:23 2020	(r526434)
+++ branches/2020Q1/sysutils/e2fsprogs/Makefile	Mon Feb 17 22:14:32 2020	(r526435)
@@ -3,7 +3,7 @@
 
 PORTNAME=	e2fsprogs
 PORTVERSION=	1.45.5
-PORTREVISION?=	0
+PORTREVISION?=	1
 CATEGORIES?=	sysutils
 MASTER_SITES=	KERNEL_ORG/linux/kernel/people/tytso/${PORTNAME}/v${PORTVERSION}
 
@@ -16,8 +16,6 @@ LICENSE_FILE?=	${WRKSRC}/NOTICE
 .endif
 LICENSE_DISTFILES_GPLv2+ =	${DISTNAME}${EXTRACT_SUFX}
 
-PORTSCOUT=	ignore	# cannot handle the version in the directory
-
 USES=		cpe gmake makeinfo pkgconfig tar:xz
 CPE_VENDOR=	e2fsprogs_project
 USE_CSTD=	gnu99
@@ -43,6 +41,8 @@ CONFIGURE_ARGS?=--disable-fsck \
 CPPFLAGS+=	-I${WRKSRC}/lib -I${LOCALBASE}/include # -D_EXT2_USE_C_VERSIONS
 MAKE_ARGS+=	pkgconfigdir='${PREFIX}/libdata/pkgconfig'
 MAKE_ENV+=	CHECK_CMD=@true
+
+PORTSCOUT=	ignore	# cannot handle the version in the directory
 
 .if !defined(MASTERDIR)
 INSTALL_TARGET=		install install-libs

Copied: branches/2020Q1/sysutils/e2fsprogs/files/patch-lib_ext2fs_swapfs.c (from r526434, head/sysutils/e2fsprogs/files/patch-lib_ext2fs_swapfs.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2020Q1/sysutils/e2fsprogs/files/patch-lib_ext2fs_swapfs.c	Mon Feb 17 22:14:32 2020	(r526435, copy of r526434, head/sysutils/e2fsprogs/files/patch-lib_ext2fs_swapfs.c)
@@ -0,0 +1,59 @@
+Author: Theodore Ts'o <tytso@mit.edu>
+
+    libext2fs: avoid array buffer overruns caused by insane directory blocks
+    
+    Reported-by: canardo909@gmx.com
+    Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+
+Additionally line 441 was modified to "return 0" after e-mail exchange
+between Canardo and Theodore. // mandree@FreeBSD.org 2020-02-17
+
+--- lib/ext2fs/swapfs.c.orig	2020-01-06 23:10:17 UTC
++++ lib/ext2fs/swapfs.c
+@@ -416,10 +416,11 @@ errcode_t ext2fs_dirent_swab_in2(ext2_filsys fs, char 
+ 	errcode_t	retval;
+ 	char		*p, *end;
+ 	struct ext2_dir_entry *dirent;
+-	unsigned int	name_len, rec_len;
++	unsigned int	name_len, rec_len, left;
+ 
+ 	p = (char *) buf;
+ 	end = (char *) buf + size;
++	left = size;
+ 	while (p < end-8) {
+ 		dirent = (struct ext2_dir_entry *) p;
+ 		dirent->inode = ext2fs_swab32(dirent->inode);
+@@ -436,6 +437,9 @@ errcode_t ext2fs_dirent_swab_in2(ext2_filsys fs, char 
+ 			retval = EXT2_ET_DIR_CORRUPTED;
+ 		} else if (((name_len & 0xFF) + 8) > rec_len)
+ 			retval = EXT2_ET_DIR_CORRUPTED;
++		if (rec_len > left)
++			return 0;
++		left -= rec_len;
+ 		p += rec_len;
+ 	}
+ 
+@@ -452,11 +456,12 @@ errcode_t ext2fs_dirent_swab_out2(ext2_filsys fs, char
+ {
+ 	errcode_t	retval;
+ 	char		*p, *end;
+-	unsigned int	rec_len;
++	unsigned int	rec_len, left;
+ 	struct ext2_dir_entry *dirent;
+ 
+ 	p = buf;
+ 	end = buf + size;
++	left = size;
+ 	while (p < end) {
+ 		dirent = (struct ext2_dir_entry *) p;
+ 		retval = ext2fs_get_rec_len(fs, dirent, &rec_len);
+@@ -471,6 +476,9 @@ errcode_t ext2fs_dirent_swab_out2(ext2_filsys fs, char
+ 		dirent->inode = ext2fs_swab32(dirent->inode);
+ 		dirent->rec_len = ext2fs_swab16(dirent->rec_len);
+ 		dirent->name_len = ext2fs_swab16(dirent->name_len);
++		if (rec_len > size)
++			return EXT2_ET_DIR_CORRUPTED;
++		size -= rec_len;
+ 
+ 		if (flags & EXT2_DIRBLOCK_V2_STRUCT)
+ 			dirent->name_len = ext2fs_swab16(dirent->name_len);

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202002172214.01HMEXTb044909>