[debian-lts] e2fsprogs package
Hi all,
I would like to send debdiff file of e2fsprogs package for reviewing.
Could anyone please review it and give me some comments.
And some texts for debian-lts-announce in case this debdiff is
accepted as comments from Raphael Hertzog:
libext2fs was vulnerable to a potential buffer overflow if s_first_meta_bg
is too big. This fix doesn't correct the bad value of s_first_meta_bg but
avoids causing e2fsprogs userspace programs from potential crashing.
Thanks and best regards
Cong
--
=====================================================================
Nguyen The Cong (Mr)
Software Engineer
Toshiba Software Development (Vietnam) Co.,Ltd
519 Kim Ma street, Ba Dinh District, Hanoi, Vietnam
tel: +84-4-2220 8801 (Ext. 208)
e-mail: cong.nguyenthe@toshiba-tsdv.com
=====================================================================
Note: This e-mail message may contain personal information or confidential information. If you are not the addressee of this message, please delete this message and kindly notify the sender as soon as possible - do not copy, use, or disclose this message.
diff -Nru e2fsprogs-1.41.12/debian/changelog e2fsprogs-1.41.12/debian/changelog
--- e2fsprogs-1.41.12/debian/changelog 2011-06-19 00:21:52.000000000 +0700
+++ e2fsprogs-1.41.12/debian/changelog 2015-02-09 15:15:05.000000000 +0700
@@ -1,3 +1,13 @@
+e2fsprogs (1.41.12-4stable1+squeeze1) stable; urgency=low
+
+ * Non-maintainer upload by the Debian LTS team.
+ * libext2fs: Fix buffer overflow if s_first_meta_bg is too big
+ as reported in CVE-2015-0247.
+ Refer to upstream commit:
+ https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4
+
+ -- Nguyen Cong <cong.nguyenthe@toshiba-tsdv.com> Mon, 09 Feb 2015 15:07:42 +0700
+
e2fsprogs (1.41.12-4stable1) stable; urgency=high
* Upload to proposed-updates
diff -Nru e2fsprogs-1.41.12/lib/ext2fs/closefs.c e2fsprogs-1.41.12/lib/ext2fs/closefs.c
--- e2fsprogs-1.41.12/lib/ext2fs/closefs.c 2011-06-19 00:14:54.000000000 +0700
+++ e2fsprogs-1.41.12/lib/ext2fs/closefs.c 2015-02-09 15:04:53.000000000 +0700
@@ -284,9 +284,11 @@
* superblocks and group descriptors.
*/
group_ptr = (char *) group_shadow;
- if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG)
+ if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG) {
old_desc_blocks = fs->super->s_first_meta_bg;
- else
+ if (old_desc_blocks > fs->super->s_first_meta_bg)
+ old_desc_blocks = fs->desc_blocks;
+ } else
old_desc_blocks = fs->desc_blocks;
for (i = 0; i < fs->group_desc_count; i++) {
diff -Nru e2fsprogs-1.41.12/lib/ext2fs/openfs.c e2fsprogs-1.41.12/lib/ext2fs/openfs.c
--- e2fsprogs-1.41.12/lib/ext2fs/openfs.c 2011-06-19 00:14:54.000000000 +0700
+++ e2fsprogs-1.41.12/lib/ext2fs/openfs.c 2015-02-09 15:07:20.000000000 +0700
@@ -304,9 +304,11 @@
group_block = fs->super->s_first_data_block;
dest = (char *) fs->group_desc;
groups_per_block = EXT2_DESC_PER_BLOCK(fs->super);
- if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG)
+ if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG) {
first_meta_bg = fs->super->s_first_meta_bg;
- else
+ if (first_meta_bg > fs->desc_blocks)
+ first_meta_bg = fs->desc_blocks;
+ } else
first_meta_bg = fs->desc_blocks;
if (first_meta_bg) {
retval = io_channel_read_blk(fs->io, group_block+1,
--
This mail was scanned by BitDefender
For more information please visit http://www.bitdefender.com
Reply to: