--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: jessie-pu: package exfat-utils/1.1.0-2+deb8u1
- From: Sven Hoexter <hoexter@debian.org>
- Date: Thu, 29 Oct 2015 09:57:31 +0100
- Message-id: <20151029085731.9908.32150.reportbug@shoexter.internal>
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu
Hi,
The Fuzzing Project found two issues in the exfat-utils package and the security
team asked me to fix them via a stable update.
Changelog:
exfat-utils (1.1.0-2+deb8u1) jessie; urgency=medium
* Add quilt to build-deps.
* Add --with quilt to dh invocation in d/rules.
* Add d/patches/check-sector-and-cluster-size. Fix for
https://github.com/relan/exfat/issues/5 found and reported by
The Fuzzing Project.
* Add d/patches/detect-infinite-loop. Fix for
https://github.com/relan/exfat/issues/6 found and reported by
The Fuzzing Project.
-- Sven Hoexter <hoexter@debian.org> Thu, 29 Oct 2015 09:40:20 +0100
-- System Information:
Debian Release: 8.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -u exfat-utils-1.1.0/debian/changelog exfat-utils-1.1.0/debian/changelog
--- exfat-utils-1.1.0/debian/changelog
+++ exfat-utils-1.1.0/debian/changelog
@@ -1,3 +1,16 @@
+exfat-utils (1.1.0-2+deb8u1) jessie; urgency=medium
+
+ * Add quilt to build-deps.
+ * Add --with quilt to dh invocation in d/rules.
+ * Add d/patches/check-sector-and-cluster-size. Fix for
+ https://github.com/relan/exfat/issues/5 found and reported by
+ The Fuzzing Project.
+ * Add d/patches/detect-infinite-loop. Fix for
+ https://github.com/relan/exfat/issues/6 found and reported by
+ The Fuzzing Project.
+
+ -- Sven Hoexter <hoexter@debian.org> Thu, 29 Oct 2015 09:40:20 +0100
+
exfat-utils (1.1.0-2) unstable; urgency=low
* Remove debian/watch - recent changes at Google code required
diff -u exfat-utils-1.1.0/debian/control exfat-utils-1.1.0/debian/control
--- exfat-utils-1.1.0/debian/control
+++ exfat-utils-1.1.0/debian/control
@@ -2,7 +2,7 @@
Section: otherosfs
Priority: optional
Maintainer: Sven Hoexter <hoexter@debian.org>
-Build-Depends: debhelper (>= 9), scons
+Build-Depends: debhelper (>= 9), scons, quilt
Standards-Version: 3.9.5
Homepage: http://code.google.com/p/exfat/
Vcs-Git: git://git.sven.stormbind.net/git/sven/exfat-utils.git
diff -u exfat-utils-1.1.0/debian/gbp.conf exfat-utils-1.1.0/debian/gbp.conf
--- exfat-utils-1.1.0/debian/gbp.conf
+++ exfat-utils-1.1.0/debian/gbp.conf
@@ -2,0 +3 @@
+debian-branch = jessie-updates
diff -u exfat-utils-1.1.0/debian/rules exfat-utils-1.1.0/debian/rules
--- exfat-utils-1.1.0/debian/rules
+++ exfat-utils-1.1.0/debian/rules
@@ -6,7 +6,7 @@
export CCFLAGS = $(CFLAGS) -Wall -std=c99 -D_GNU_SOURCE
%:
- dh $@
+ dh $@ --with quilt
override_dh_auto_build:
scons
only in patch2:
unchanged:
--- exfat-utils-1.1.0.orig/debian/README.source
+++ exfat-utils-1.1.0/debian/README.source
@@ -0,0 +1,5 @@
+This package uses quilt to manage the patches in debian/patches.
+For further information please install the quilt package and read
+/usr/share/doc/quilt/README.source.
+
+ -- sven <sven@shoexter.internal>, Thu, 29 Oct 2015 09:05:34 +0100
only in patch2:
unchanged:
--- exfat-utils-1.1.0.orig/debian/patches/check-sector-and-cluster-size
+++ exfat-utils-1.1.0/debian/patches/check-sector-and-cluster-size
@@ -0,0 +1,48 @@
+Patch for https://github.com/relan/exfat/issues/5
+See also:
+https://blog.fuzzing-project.org/25-Heap-overflow-and-endless-loop-in-exfatfsck-exfat-utils.html
+Index: exfat-utils/libexfat/mount.c
+===================================================================
+--- exfat-utils.orig/libexfat/mount.c
++++ exfat-utils/libexfat/mount.c
+@@ -208,6 +208,23 @@ int exfat_mount(struct exfat* ef, const
+ exfat_error("exFAT file system is not found");
+ return -EIO;
+ }
++ /* sector cannot be smaller than 512 bytes */
++ if (ef->sb->sector_bits < 9)
++ {
++ exfat_close(ef->dev);
++ exfat_error("too small sector size: 2^%hhd", ef->sb->sector_bits);
++ free(ef->sb);
++ return -EIO;
++ }
++ /* officially exFAT supports cluster size up to 32 MB */
++ if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25)
++ {
++ exfat_close(ef->dev);
++ exfat_error("too big cluster size: 2^(%hhd+%hhd)",
++ ef->sb->sector_bits, ef->sb->spc_bits);
++ free(ef->sb);
++ return -EIO;
++ }
+ ef->zero_cluster = malloc(CLUSTER_SIZE(*ef->sb));
+ if (ef->zero_cluster == NULL)
+ {
+@@ -242,16 +259,6 @@ int exfat_mount(struct exfat* ef, const
+ free(ef->sb);
+ return -EIO;
+ }
+- /* officially exFAT supports cluster size up to 32 MB */
+- if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25)
+- {
+- free(ef->zero_cluster);
+- exfat_close(ef->dev);
+- exfat_error("too big cluster size: 2^%d",
+- (int) ef->sb->sector_bits + (int) ef->sb->spc_bits);
+- free(ef->sb);
+- return -EIO;
+- }
+ if (le64_to_cpu(ef->sb->sector_count) * SECTOR_SIZE(*ef->sb) >
+ exfat_get_size(ef->dev))
+ {
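Review bot: The two new diagnostics in the nested mount.c hunk print `sector_bits` and `spc_bits` with `%hhd`, which is a signed conversion. The field types are not visible here, but if they are unsigned 8-bit values, a crafted byte of 128 or more passes the `< 9` test, trips the `> 25` test and is logged as a negative exponent, which makes a rejected image harder to triage. Using `%hhu` in both calls, e.g. `exfat_error("too small sector size: 2^%hhu", ef->sb->sector_bits);`, keeps the log faithful to the on-disk value. Note also that only the sum is bounded, so a `sector_bits` as large as 25 still passes when `spc_bits` is 0; a comment saying whether that is intended would help. The body of `exfat_mount` starts and ends outside the hunk.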
only in patch2:
unchanged:
--- exfat-utils-1.1.0.orig/debian/patches/detect-infinite-loop
+++ exfat-utils-1.1.0/debian/patches/detect-infinite-loop
@@ -0,0 +1,52 @@
+Patch for https://github.com/relan/exfat/issues/6
+See also:
+https://blog.fuzzing-project.org/25-Heap-overflow-and-endless-loop-in-exfatfsck-exfat-utils.html
+Index: exfat-utils/libexfat/mount.c
+===================================================================
+--- exfat-utils.orig/libexfat/mount.c
++++ exfat-utils/libexfat/mount.c
+@@ -30,23 +30,32 @@
+
+ static uint64_t rootdir_size(const struct exfat* ef)
+ {
+- uint64_t clusters = 0;
++ uint32_t clusters = 0;
++ uint32_t clusters_max = le32_to_cpu(ef->sb->cluster_count);
+ cluster_t rootdir_cluster = le32_to_cpu(ef->sb->rootdir_cluster);
+
+- while (!CLUSTER_INVALID(rootdir_cluster))
++ /* Iterate all clusters of the root directory to calculate its size.
++ It can't be contiguous because there is no flag to indicate this. */
++ do
+ {
+- clusters++;
+- /* root directory cannot be contiguous because there is no flag
+- to indicate this */
++ if (clusters == clusters_max) /* infinite loop detected */
++ {
++ exfat_error("root directory cannot occupy all %d clusters",
++ clusters);
++ return 0;
++ }
++ if (CLUSTER_INVALID(rootdir_cluster))
++ {
++ exfat_error("bad cluster %#x while reading root directory",
++ rootdir_cluster);
++ return 0;
++ }
+ rootdir_cluster = exfat_next_cluster(ef, ef->root, rootdir_cluster);
++ clusters++;
+ }
+- if (rootdir_cluster != EXFAT_CLUSTER_END)
+- {
+- exfat_error("bad cluster %#x while reading root directory",
+- rootdir_cluster);
+- return 0;
+- }
+- return clusters * CLUSTER_SIZE(*ef->sb);
++ while (rootdir_cluster != EXFAT_CLUSTER_END);
++
++ return (uint64_t) clusters * CLUSTER_SIZE(*ef->sb);
+ }
+
+ static const char* get_option(const char* options, const char* option_name)
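Review bot: The loop guard in `rootdir_size` takes its bound `clusters_max` from `ef->sb->cluster_count`, which is read from the same untrusted superblock as the chain being walked. A cyclic FAT chain now terminates, but only after as many `exfat_next_cluster` lookups as the image claims to have clusters. Whether `cluster_count` is checked against the device size before this function runs is not visible in the hunk; if it is not, add that check in the caller, or at least a comment such as `/* cluster_count is on-disk data; it must be validated against the device size before it is trusted as a bound */`. Separately, `clusters` is now `uint32_t` but is printed with `%d` in the "cannot occupy all" message; `%u` matches the type. Both error paths return 0, so the caller has to treat a zero size as failure.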
only in patch2:
unchanged:
--- exfat-utils-1.1.0.orig/debian/patches/series
+++ exfat-utils-1.1.0/debian/patches/series
@@ -0,0 +1,2 @@
+check-sector-and-cluster-size
+detect-infinite-loop
--- End Message ---