Bug#803362: jessie-pu: package exfat-utils/1.1.0-2+deb8u1
On Thu, Oct 29, 2015 at 06:28:39PM +0000, Julien Cristau wrote:
Hi,
> The more obvious way is to not change the source format and not add quilt.
Ok, I thought it would be a slightly better choice to avoid the old-school
big diff.gz, but since I have it as git commits at my end I'm fine.
So here's the changelog and the new debdiff:
exfat-utils (1.1.0-2+deb8u1) jessie; urgency=medium
.
* Add the fix for https://github.com/relan/exfat/issues/5 found
and reported by The Fuzzing Project. Check sector and cluster size.
* Add the fix for https://github.com/relan/exfat/issues/6 found
and reported by The Fuzzing Project. Detect infinite loop.
Sven
diff -u exfat-utils-1.1.0/debian/changelog exfat-utils-1.1.0/debian/changelog
--- exfat-utils-1.1.0/debian/changelog
+++ exfat-utils-1.1.0/debian/changelog
@@ -1,3 +1,12 @@
+exfat-utils (1.1.0-2+deb8u1) jessie; urgency=medium
+
+ * Add the fix for https://github.com/relan/exfat/issues/5 found
+ and reported by The Fuzzing Project. Check sector and cluster size.
+ * Add the fix for https://github.com/relan/exfat/issues/6 found
+ and reported by The Fuzzing Project. Detect infinite loop.
+
+ -- Sven Hoexter <hoexter@debian.org> Fri, 30 Oct 2015 10:28:28 +0100
+
exfat-utils (1.1.0-2) unstable; urgency=low
* Remove debian/watch - recent changes at Google code required
diff -u exfat-utils-1.1.0/debian/gbp.conf exfat-utils-1.1.0/debian/gbp.conf
--- exfat-utils-1.1.0/debian/gbp.conf
+++ exfat-utils-1.1.0/debian/gbp.conf
@@ -2,0 +3 @@
+debian-branch = jessie-updates
only in patch2:
unchanged:
--- exfat-utils-1.1.0.orig/libexfat/mount.c
+++ exfat-utils-1.1.0/libexfat/mount.c
@@ -30,23 +30,32 @@
static uint64_t rootdir_size(const struct exfat* ef)
{
- uint64_t clusters = 0;
+ uint32_t clusters = 0;
+ uint32_t clusters_max = le32_to_cpu(ef->sb->cluster_count);
cluster_t rootdir_cluster = le32_to_cpu(ef->sb->rootdir_cluster);
- while (!CLUSTER_INVALID(rootdir_cluster))
+ /* Iterate all clusters of the root directory to calculate its size.
+ It can't be contiguous because there is no flag to indicate this. */
+ do
{
- clusters++;
- /* root directory cannot be contiguous because there is no flag
- to indicate this */
+ if (clusters == clusters_max) /* infinite loop detected */
+ {
+ exfat_error("root directory cannot occupy all %d clusters",
+ clusters);
+ return 0;
+ }
+ if (CLUSTER_INVALID(rootdir_cluster))
+ {
+ exfat_error("bad cluster %#x while reading root directory",
+ rootdir_cluster);
+ return 0;
+ }
rootdir_cluster = exfat_next_cluster(ef, ef->root, rootdir_cluster);
+ clusters++;
}
- if (rootdir_cluster != EXFAT_CLUSTER_END)
- {
- exfat_error("bad cluster %#x while reading root directory",
- rootdir_cluster);
- return 0;
- }
- return clusters * CLUSTER_SIZE(*ef->sb);
+ while (rootdir_cluster != EXFAT_CLUSTER_END);
+
+ return (uint64_t) clusters * CLUSTER_SIZE(*ef->sb);
}
static const char* get_option(const char* options, const char* option_name)
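Review bot: The new diagnostic `exfat_error("root directory cannot occupy all %d clusters", clusters)` passes a `uint32_t` to `%d`, so a large count taken from a malformed image can print as a negative number; `%u` matches the type. The same kind of mismatch appears in the second mount.c hunk, where `%hhd` formats `sector_bits` and `spc_bits`; if those superblock fields are unsigned bytes (their declaration is not shown here), `%hhu` would keep out-of-range values readable in the error. Separately, `clusters_max` is read from the same superblock as the chain being walked, so the loop is bounded only by a value the image itself supplies. A one-line comment saying so, e.g. `/* cluster_count is on-disk data: it caps the walk, it does not validate the chain */`, would help the next reader.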
@@ -208,6 +217,23 @@
exfat_error("exFAT file system is not found");
return -EIO;
}
+ /* sector cannot be smaller than 512 bytes */
+ if (ef->sb->sector_bits < 9)
+ {
+ exfat_close(ef->dev);
+ exfat_error("too small sector size: 2^%hhd", ef->sb->sector_bits);
+ free(ef->sb);
+ return -EIO;
+ }
+ /* officially exFAT supports cluster size up to 32 MB */
+ if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25)
+ {
+ exfat_close(ef->dev);
+ exfat_error("too big cluster size: 2^(%hhd+%hhd)",
+ ef->sb->sector_bits, ef->sb->spc_bits);
+ free(ef->sb);
+ return -EIO;
+ }
ef->zero_cluster = malloc(CLUSTER_SIZE(*ef->sb));
if (ef->zero_cluster == NULL)
{
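Review bot: Nothing in the added checks records why they now sit ahead of `malloc(CLUSTER_SIZE(*ef->sb))`, and that ordering is the substance of the fix: the third hunk removes the cluster-size check from its old position after the allocation. A short comment above the first check, e.g. `/* validate sector_bits/spc_bits before any SECTOR_SIZE()/CLUSTER_SIZE() use: both come from the untrusted superblock */`, would keep a later refactor from moving them back. Both new error paths also repeat the `exfat_close(ef->dev)` and `free(ef->sb)` cleanup by hand. The enclosing function begins and ends outside this hunk, so whether a shared cleanup label is practical cannot be judged from here.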
@@ -242,16 +268,6 @@
free(ef->sb);
return -EIO;
}
- /* officially exFAT supports cluster size up to 32 MB */
- if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25)
- {
- free(ef->zero_cluster);
- exfat_close(ef->dev);
- exfat_error("too big cluster size: 2^%d",
- (int) ef->sb->sector_bits + (int) ef->sb->spc_bits);
- free(ef->sb);
- return -EIO;
- }
if (le64_to_cpu(ef->sb->sector_count) * SECTOR_SIZE(*ef->sb) >
exfat_get_size(ef->dev))
{