
Bug#804208: jessie-pu: package fuse-exfat/1.1.0-2+deb8u1



Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

Hi,
since exfat-utils and fuse-exfat share the same code base but are released
as separate source packages, I've now prepared updates for fuse-exfat as well
to fix the issues found by The Fuzzing Project.

Changes:
 fuse-exfat (1.1.0-2+deb8u1) jessie; urgency=medium
 .
   * Add the fix for https://github.com/relan/exfat/issues/5 found
     and reported by The Fuzzing Project. Check sector and cluster size.
   * Add the fix for https://github.com/relan/exfat/issues/6 found
     and reported by The Fuzzing Project. Detect infinite loop.


-- System Information:
Debian Release: 8.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -u fuse-exfat-1.1.0/debian/changelog fuse-exfat-1.1.0/debian/changelog
--- fuse-exfat-1.1.0/debian/changelog
+++ fuse-exfat-1.1.0/debian/changelog
@@ -1,3 +1,12 @@
+fuse-exfat (1.1.0-2+deb8u1) jessie; urgency=medium
+
+  * Add the fix for https://github.com/relan/exfat/issues/5 found
+    and reported by The Fuzzing Project. Check sector and cluster size.
+  * Add the fix for https://github.com/relan/exfat/issues/6 found
+    and reported by The Fuzzing Project. Detect infinite loop. 
+
+ -- Sven Hoexter <hoexter@debian.org>  Fri, 06 Nov 2015 08:08:13 +0100
+
 fuse-exfat (1.1.0-2) unstable; urgency=low
 
   * Remove debian/watch - recent changes at Google code required
diff -u fuse-exfat-1.1.0/debian/gbp.conf fuse-exfat-1.1.0/debian/gbp.conf
--- fuse-exfat-1.1.0/debian/gbp.conf
+++ fuse-exfat-1.1.0/debian/gbp.conf
@@ -2,0 +3 @@
+debian-branch = jessie-updates
only in patch2:
unchanged:
--- fuse-exfat-1.1.0.orig/libexfat/mount.c
+++ fuse-exfat-1.1.0/libexfat/mount.c
@@ -30,23 +30,32 @@
 
 static uint64_t rootdir_size(const struct exfat* ef)
 {
-	uint64_t clusters = 0;
+	uint32_t clusters = 0;
+	uint32_t clusters_max = le32_to_cpu(ef->sb->cluster_count);
 	cluster_t rootdir_cluster = le32_to_cpu(ef->sb->rootdir_cluster);
 
-	while (!CLUSTER_INVALID(rootdir_cluster))
+	/* Iterate all clusters of the root directory to calculate its size.
+	   It can't be contiguous because there is no flag to indicate this. */
+	do
 	{
-		clusters++;
-		/* root directory cannot be contiguous because there is no flag
-		   to indicate this */
+		if (clusters == clusters_max) /* infinite loop detected */
+		{
+			exfat_error("root directory cannot occupy all %d clusters",
+					clusters);
+			return 0;
+		}
+		if (CLUSTER_INVALID(rootdir_cluster))
+		{
+			exfat_error("bad cluster %#x while reading root directory",
+					rootdir_cluster);
+			return 0;
+		}
 		rootdir_cluster = exfat_next_cluster(ef, ef->root, rootdir_cluster);
+		clusters++;
 	}
-	if (rootdir_cluster != EXFAT_CLUSTER_END)
-	{
-		exfat_error("bad cluster %#x while reading root directory",
-				rootdir_cluster);
-		return 0;
-	}
-	return clusters * CLUSTER_SIZE(*ef->sb);
+	while (rootdir_cluster != EXFAT_CLUSTER_END);
+
+	return (uint64_t) clusters * CLUSTER_SIZE(*ef->sb);
 }
 
 static const char* get_option(const char* options, const char* option_name)
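Review bot: The loop bound `clusters_max` in rootdir_size() is read straight from the superblock's `cluster_count`, so the cycle check only limits the walk to whatever the image itself claims, which can be close to 2^32 calls to exfat_next_cluster() on a malformed volume. Nothing visible in this hunk shows `cluster_count` being checked against the device size before this function runs; if it is not, it would be worth bounding it at mount time next to the existing `sector_count` check. Separately, `clusters` is now `uint32_t` but is still printed with `%d` in the first exfat_error() call; `exfat_error("root directory cannot occupy all %u clusters", clusters);` matches the type.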
@@ -208,6 +217,23 @@
 		exfat_error("exFAT file system is not found");
 		return -EIO;
 	}
+	/* sector cannot be smaller than 512 bytes */
+	if (ef->sb->sector_bits < 9)
+	{
+		exfat_close(ef->dev);
+		exfat_error("too small sector size: 2^%hhd", ef->sb->sector_bits);
+		free(ef->sb);
+		return -EIO;
+	}
+	/* officially exFAT supports cluster size up to 32 MB */
+	if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25)
+	{
+		exfat_close(ef->dev);
+		exfat_error("too big cluster size: 2^(%hhd+%hhd)",
+				ef->sb->sector_bits, ef->sb->spc_bits);
+		free(ef->sb);
+		return -EIO;
+	}
 	ef->zero_cluster = malloc(CLUSTER_SIZE(*ef->sb));
 	if (ef->zero_cluster == NULL)
 	{
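Review bot: The two new superblock checks protect `malloc(CLUSTER_SIZE(*ef->sb))` only because they run before it, but neither comment says so, and a later reorder would silently bring the problem back. A line such as `/* must precede any SECTOR_SIZE()/CLUSTER_SIZE() use: both depend on these on-disk fields */` above the first check would record that. The messages print `sector_bits` and `spc_bits` with `%hhd`; if these are unsigned 8-bit fields (their declaration is not in this hunk), `%hhu` avoids showing a negative number for values of 128 and above read from a malformed image. The enclosing function starts and ends outside the hunk.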
@@ -242,16 +268,6 @@
 		free(ef->sb);
 		return -EIO;
 	}
-	/* officially exFAT supports cluster size up to 32 MB */
-	if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25)
-	{
-		free(ef->zero_cluster);
-		exfat_close(ef->dev);
-		exfat_error("too big cluster size: 2^%d",
-				(int) ef->sb->sector_bits + (int) ef->sb->spc_bits);
-		free(ef->sb);
-		return -EIO;
-	}
 	if (le64_to_cpu(ef->sb->sector_count) * SECTOR_SIZE(*ef->sb) >
 			exfat_get_size(ef->dev))
 	{
