From nobody Sun Jun 5 16:20:51 2022 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id B45F41BD977D; Sun, 5 Jun 2022 16:20:51 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4LGMLC3964z4l0T; Sun, 5 Jun 2022 16:20:51 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1654446051; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=duX+PJTEfky2jDUAHkqKHr66LvxAcuPZ8gDECmEQgOo=; b=O4GHgk0V/sctCTwTzSYDKs+FYtwIgysB7926uQFKiXHPPwL9QMia7ECzU7heS7QIKx95mH VBy0KSuQcw5Pz/Fr0EVAqspsNAyy757YstCfVI7F+anoxAjIo5KFedoi1lEVZYr2xQYmd8 BVYzD7ji44ltON0PXGZmg50mKAubVWwRGNdJbL3A+Gw93gSm7rIirXe5frh0ckPl0CZsQN h9ldmcWrZS5hhklXqzNv+ixwrPY89zk3CmTsed9aBTME8fhUPYcGpVVLkXSdTzb4klcnml XguxntNx8YMdCsEOoYrffGVF0bKjeZ2Qnsn25wNbJ5lNSjmGrBGZJ3hgcM66cw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 1FDAD14D67; Sun, 5 Jun 2022 16:20:51 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 255GKpwC088219; Sun, 5 Jun 2022 16:20:51 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 255GKpht088218; Sun, 5 Jun 2022 16:20:51 GMT (envelope-from git) Date: Sun, 5 Jun 2022 16:20:51 GMT Message-Id: <202206051620.255GKpht088218@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-branches@FreeBSD.org From: Matthias Andree Subject: git: 78d13baac324 - 2022Q2 - sysutils/e2fsprogs: fix CVE-2022-1304 List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-all@freebsd.org X-BeenThere: dev-commits-ports-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: mandree X-Git-Repository: ports X-Git-Refname: refs/heads/2022Q2 X-Git-Reftype: branch X-Git-Commit: 78d13baac3249e28108e062b899780bf09b53f5d Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1654446051; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=duX+PJTEfky2jDUAHkqKHr66LvxAcuPZ8gDECmEQgOo=; b=hurO9M+YgC19hEL3fY1eLCKqznhWB0xcQhf42bXjTdp7xgR+xS+nLnATVKWztUfe97JmIZ /MvjRwh/F0ir8S0sm68F65zgO4ZHGdO48ejbn1NJv8Qj+B4n9y1SjeZ6E/8cZySfPgEyS+ 4LNCvYE7SBxiwHn2GjKXSMyH6QDBVVnTUGiJRjFO5UodlhbzMySei5AA6GmeatrGCW5L+f dkHAU2L4tr1jF7ajWKTUdTs/tt6AXVnSbqW5RFbLTtZkgQIn6HtfE/YeBIGASszNA02aCf cMcTvLRFsez5SjUOT4BV44fpIbebp9+8xBACzZTyzPMD1zHfS0INWYI2N6HzKw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1654446051; a=rsa-sha256; cv=none; b=KekD6Ww09kSfr679z9mY99OyZxkamOWi4ysfrU/aSrVk6BnPfGqLTs4O1gxwy7avKFqg5P GCrTkrjzQa8iB4EjmlKLNMeSJFls8ZqFsYsoXX/YEytq5qKtOrzt9M26ijWwgSD/lrdQJ3 Ixc1EZm0cw2TAVPOABPxbM076UUxocu4DMHrRB2/wgzadeYi5Ei6hikiwJ8J7dDs3DJRiz Y1YttNmOCwAG9AK8nb7PVf2GJfaYzb+OHq/QtQgHuU9zA3rQCc17ZRvhhRMFRq0fhnrPuq nAQyZTfbbC+QPiOneuHQPSzUuFYOwcV3MsWXS+M2HzWW5ghPSWsiKY0x6RM6/w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch 2022Q2 has been updated by mandree: URL: https://cgit.FreeBSD.org/ports/commit/?id=78d13baac3249e28108e062b899780bf09b53f5d commit 78d13baac3249e28108e062b899780bf09b53f5d Author: Matthias Andree AuthorDate: 2022-06-05 15:21:42 +0000 Commit: Matthias Andree CommitDate: 2022-06-05 16:20:48 +0000 sysutils/e2fsprogs: fix CVE-2022-1304 Take patch from linux-ext4@ mailing list to fix Security: CVE-2022-1304 Security: a58f3fde-e4e0-11ec-8340-2d623369b8b5 MFH: 2022Q2 (cherry picked from commit 83ce641b79e305333e8444b53821f12a21b753e6) --- sysutils/e2fsprogs/Makefile | 2 +- sysutils/e2fsprogs/files/patch-CVE-2022-1304 | 57 ++++++++++++++++++++++++++++ 2 files changed, 58 insertions(+), 1 deletion(-) diff --git a/sysutils/e2fsprogs/Makefile b/sysutils/e2fsprogs/Makefile index 010d421b860b..8139fdc24b54 100644 --- a/sysutils/e2fsprogs/Makefile +++ b/sysutils/e2fsprogs/Makefile @@ -14,7 +14,7 @@ PORTNAME= e2fsprogs PORTVERSION= 1.46.5 -PORTREVISION?= 0 +PORTREVISION?= 1 CATEGORIES?= sysutils MASTER_SITES= KERNEL_ORG/linux/kernel/people/tytso/${PORTNAME}/v${PORTVERSION} diff --git a/sysutils/e2fsprogs/files/patch-CVE-2022-1304 b/sysutils/e2fsprogs/files/patch-CVE-2022-1304 new file mode 100644 index 000000000000..dec6e97b76be --- /dev/null +++ b/sysutils/e2fsprogs/files/patch-CVE-2022-1304 @@ -0,0 +1,57 @@ +From: Lukas Czerner +To: linux-ext4@vger.kernel.org +Cc: tytso@mit.edu, Nils Bars +Subject: [PATCH] e2fsprogs: add sanity check to extent manipulation +Date: Thu, 21 Apr 2022 19:31:48 +0200 +Message-Id: <20220421173148.20193-1-lczerner@redhat.com> +List-ID: +X-Mailing-List: linux-ext4@vger.kernel.org + +It is possible to have a corrupted extent tree in such a way that a leaf +node contains zero extents in it. Currently if that happens and we try +to traverse the tree we can end up accessing wrong data, or possibly +even uninitialized memory. Make sure we don't do that. + +Additionally make sure that we have a sane number of bytes passed to +memmove() in ext2fs_extent_delete(). + +Note that e2fsck is currently unable to spot and fix such corruption in +pass1. + +Signed-off-by: Lukas Czerner +Reported-by: Nils Bars +Addressess: https://bugzilla.redhat.com/show_bug.cgi?id=2068113 +--- + lib/ext2fs/extent.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/lib/ext2fs/extent.c b/lib/ext2fs/extent.c +index b324c7b0..1a206a16 100644 +--- ./lib/ext2fs/extent.c ++++ b/lib/ext2fs/extent.c +@@ -495,6 +495,10 @@ retry: + ext2fs_le16_to_cpu(eh->eh_entries); + newpath->max_entries = ext2fs_le16_to_cpu(eh->eh_max); + ++ /* Make sure there is at least one extent present */ ++ if (newpath->left <= 0) ++ return EXT2_ET_EXTENT_NO_DOWN; ++ + if (path->left > 0) { + ix++; + newpath->end_blk = ext2fs_le32_to_cpu(ix->ei_block); +@@ -1630,6 +1634,10 @@ errcode_t ext2fs_extent_delete(ext2_extent_handle_t handle, int flags) + + cp = path->curr; + ++ /* Sanity check before memmove() */ ++ if (path->left < 0) ++ return EXT2_ET_EXTENT_LEAF_BAD; ++ + if (path->left) { + memmove(cp, cp + sizeof(struct ext3_extent_idx), + path->left * sizeof(struct ext3_extent_idx)); +-- +2.35.1 + +