Dear debian-release members, I hereby ask you to unfreeze partclone in order to allow 0.2.89-3 into Stretch. This is a bugfix release which take in account a security alert, CVE-2017-6596 ------------------ output of source debdiff ------------------- $ LC_ALL=C debdiff ../partclone_0.2.89-2.dsc ../partclone_0.2.89-3.dsc diff -Nru partclone-0.2.89/debian/changelog partclone-0.2.89/debian/changelog --- partclone-0.2.89/debian/changelog 2016-11-23 18:25:53.000000000 +0100 +++ partclone-0.2.89/debian/changelog 2017-04-06 20:41:56.000000000 +0200 @@ -1,3 +1,10 @@ +partclone (0.2.89-3) unstable; urgency=medium + + * backported some code from the last version. Closes: #857966 (CVE-2017-6596) + + + -- Georges Khaznadar <georgesk@debian.org> Thu, 06 Apr 2017 20:41:56 +0200 + partclone (0.2.89-2) unstable; urgency=medium * added a dependency on libaal-dev >= 1.06-3. Closes: #842115 ------------------ content of debian/patches/malloc.patch --------- Description: Allocating memory more carefully partclone (0.2.89-3) unstable; urgency=medium . * backported some code from the last version. Closes: #857966 (CVE-2017-6596) Author: Georges Khaznadar <georgesk@debian.org> Bug-Debian: https://bugs.debian.org/842115 --- The information above should follow the Patch Tagging Guidelines, please checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here are templates for supplementary fields that you might want to add: Origin: Yu-Chin Tsai <thomas@nchc.org.tw>: private e-mail Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857966 Bug-Debian: https://bugs.debian.org/857966 Reviewed-By: Yu-Chin Tsai <thomas@nchc.org.tw> Last-Update: 2017-04-06 --- partclone-0.2.89.orig/src/main.c +++ partclone-0.2.89/src/main.c @@ -26,6 +26,7 @@ #include <string.h> #include <unistd.h> #include <pthread.h> +#include <malloc.h> /** * progress.h - only for progress bar @@ -141,6 +142,7 @@ int main(int argc, char **argv) { char bitmagic[8] = "BiTmAgIc";// only for check postition char bitmagic_r[8]="00000000";/// read magic string from image unsigned long *bitmap = NULL; /// the point for bitmap data + unsigned long long memsize = 0; int debug = 0; /// debug level int tui = 0; /// text user interface int pui = 0; /// progress mode(default text) @@ -258,7 +260,9 @@ int main(int argc, char **argv) { /// alloc a memory to store bitmap bitmap = (unsigned long*)calloc(sizeof(unsigned long), LONGS(image_hdr.totalblock)); - if (bitmap == NULL) { + memsize = sizeof(unsigned long) * LONGS(image_hdr.totalblock); + + if ((bitmap == NULL) || (malloc_usable_size(bitmap) < memsize)) { log_mesg(0, 1, 1, debug, "%s, %i, not enough memory\n", __func__, __LINE__); } @@ -309,7 +313,9 @@ int main(int argc, char **argv) { /// alloc a memory to restore bitmap bitmap = (unsigned long*)calloc(sizeof(unsigned long), LONGS(image_hdr.totalblock)); - if (bitmap == NULL) { + memsize = sizeof(unsigned long) * LONGS(image_hdr.totalblock); + + if ((bitmap == NULL) || (malloc_usable_size(bitmap) < memsize)) { log_mesg(0, 1, 1, debug, "%s, %i, not enough memory\n", __func__, __LINE__); } @@ -359,7 +365,9 @@ int main(int argc, char **argv) { /// alloc a memory to restore bitmap bitmap = (unsigned long*)calloc(sizeof(unsigned long), LONGS(image_hdr.totalblock)); - if (bitmap == NULL) { + memsize = sizeof(unsigned long) * LONGS(image_hdr.totalblock); + + if ((bitmap == NULL) || (malloc_usable_size(bitmap) < memsize)) { log_mesg(0, 1, 1, debug, "%s, %i, not enough memory\n", __func__, __LINE__); } @@ -404,7 +412,9 @@ int main(int argc, char **argv) { /// alloc a memory to restore bitmap bitmap = (unsigned long*)calloc(sizeof(unsigned long), LONGS(image_hdr.totalblock)); - if (bitmap == NULL) { + memsize = sizeof(unsigned long) * LONGS(image_hdr.totalblock); + + if ((bitmap == NULL) || (malloc_usable_size(bitmap) < memsize)) { log_mesg(0, 1, 1, debug, "%s, %i, not enough memory\n", __func__, __LINE__); } --- partclone-0.2.89.orig/src/partclone.c +++ partclone-0.2.89/src/partclone.c @@ -641,6 +641,12 @@ void restore_image_hdr(int* ret, cmd_opt if (image_hdr->usedblocks <= 0) log_mesg(0, 1, 1, debug, "read image_hdr usedblocks error\n"); + if (image_hdr->usedblocks > image_hdr->totalblock) + log_mesg(0, 1, 1, debug, "usedblocks larger than total block error\n"); + + if (image_hdr->block_size * image_hdr->totalblock > image_hdr->device_size ) + log_mesg(0, 0, 1, debug, "device size not match block count\n"); + dev_size = (unsigned long long)(image_hdr->totalblock * image_hdr->block_size); if (opt->restore_raw_file == 1) { return;
Attachment:
signature.asc
Description: PGP signature