partclone: unfreeze request

To: debian-release@lists.debian.org
Cc: Yu-Chin Tsai <thomas@nchc.org.tw>
Subject: partclone: unfreeze request
From: Georges Khaznadar <georges.khaznadar@free.fr>
Date: Thu, 6 Apr 2017 21:00:40 +0200
Message-id: <[🔎] 20170406190040.jtqgz3sv6p774hco@localhost>

Dear debian-release members, I hereby ask you to unfreeze partclone in
order to allow 0.2.89-3 into Stretch.

This is a bugfix release which take in account a security alert, CVE-2017-6596

------------------ output of source debdiff -------------------

$ LC_ALL=C debdiff ../partclone_0.2.89-2.dsc ../partclone_0.2.89-3.dsc
diff -Nru partclone-0.2.89/debian/changelog partclone-0.2.89/debian/changelog
--- partclone-0.2.89/debian/changelog	2016-11-23 18:25:53.000000000 +0100
+++ partclone-0.2.89/debian/changelog	2017-04-06 20:41:56.000000000 +0200
@@ -1,3 +1,10 @@
+partclone (0.2.89-3) unstable; urgency=medium
+
+  *  backported some code from the last version. Closes: #857966 (CVE-2017-6596)
+
+
+ -- Georges Khaznadar <georgesk@debian.org>  Thu, 06 Apr 2017 20:41:56 +0200
+
 partclone (0.2.89-2) unstable; urgency=medium
 
   * added a dependency on libaal-dev >= 1.06-3. Closes: #842115





------------------ content of debian/patches/malloc.patch ---------
Description: Allocating memory more carefully
 partclone (0.2.89-3) unstable; urgency=medium
 .
   * backported some code from the last version. Closes: #857966 (CVE-2017-6596)
Author: Georges Khaznadar <georgesk@debian.org>
Bug-Debian: https://bugs.debian.org/842115

---
The information above should follow the Patch Tagging Guidelines, please
checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
are templates for supplementary fields that you might want to add:

Origin: Yu-Chin Tsai <thomas@nchc.org.tw>: private e-mail
Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857966
Bug-Debian: https://bugs.debian.org/857966
Reviewed-By: Yu-Chin Tsai <thomas@nchc.org.tw>
Last-Update: 2017-04-06

--- partclone-0.2.89.orig/src/main.c
+++ partclone-0.2.89/src/main.c
@@ -26,6 +26,7 @@
 #include <string.h>
 #include <unistd.h>
 #include <pthread.h>
+#include <malloc.h>
 
 /**
  * progress.h - only for progress bar
@@ -141,6 +142,7 @@ int main(int argc, char **argv) {
 	char			bitmagic[8] = "BiTmAgIc";// only for check postition
 	char			bitmagic_r[8]="00000000";/// read magic string from image
 	unsigned long		*bitmap = NULL;		/// the point for bitmap data
+	unsigned long long	memsize = 0;
 	int			debug = 0;		/// debug level
 	int			tui = 0;		/// text user interface
 	int			pui = 0;		/// progress mode(default text)
@@ -258,7 +260,9 @@ int main(int argc, char **argv) {
 
 		/// alloc a memory to store bitmap
 		bitmap = (unsigned long*)calloc(sizeof(unsigned long), LONGS(image_hdr.totalblock));
-		if (bitmap == NULL) {
+		memsize = sizeof(unsigned long) * LONGS(image_hdr.totalblock);
+		
+		if ((bitmap == NULL) || (malloc_usable_size(bitmap) < memsize)) {
 			log_mesg(0, 1, 1, debug, "%s, %i, not enough memory\n", __func__, __LINE__);
 		}
 
@@ -309,7 +313,9 @@ int main(int argc, char **argv) {
 
 		/// alloc a memory to restore bitmap
 		bitmap = (unsigned long*)calloc(sizeof(unsigned long), LONGS(image_hdr.totalblock));
-		if (bitmap == NULL) {
+		memsize = sizeof(unsigned long) * LONGS(image_hdr.totalblock);
+		
+		if ((bitmap == NULL) || (malloc_usable_size(bitmap) < memsize)) {
 			log_mesg(0, 1, 1, debug, "%s, %i, not enough memory\n", __func__, __LINE__);
 		}
 
@@ -359,7 +365,9 @@ int main(int argc, char **argv) {
 
 		/// alloc a memory to restore bitmap
 		bitmap = (unsigned long*)calloc(sizeof(unsigned long), LONGS(image_hdr.totalblock));
-		if (bitmap == NULL) {
+		memsize = sizeof(unsigned long) * LONGS(image_hdr.totalblock);
+		
+		if ((bitmap == NULL) || (malloc_usable_size(bitmap) < memsize)) {
 			log_mesg(0, 1, 1, debug, "%s, %i, not enough memory\n", __func__, __LINE__);
 		}
 
@@ -404,7 +412,9 @@ int main(int argc, char **argv) {
 
 		/// alloc a memory to restore bitmap
 		bitmap = (unsigned long*)calloc(sizeof(unsigned long), LONGS(image_hdr.totalblock));
-		if (bitmap == NULL) {
+		memsize = sizeof(unsigned long) * LONGS(image_hdr.totalblock);
+		
+		if ((bitmap == NULL) || (malloc_usable_size(bitmap) < memsize)) {
 			log_mesg(0, 1, 1, debug, "%s, %i, not enough memory\n", __func__, __LINE__);
 		}
 
--- partclone-0.2.89.orig/src/partclone.c
+++ partclone-0.2.89/src/partclone.c
@@ -641,6 +641,12 @@ void restore_image_hdr(int* ret, cmd_opt
 	if (image_hdr->usedblocks <= 0)
 	    log_mesg(0, 1, 1, debug, "read image_hdr usedblocks error\n");
 	
+	if (image_hdr->usedblocks > image_hdr->totalblock)
+	    log_mesg(0, 1, 1, debug, "usedblocks larger than total block error\n");
+	
+	if (image_hdr->block_size * image_hdr->totalblock > image_hdr->device_size )
+	    log_mesg(0, 0, 1, debug, "device size not match block count\n");
+	
 	dev_size = (unsigned long long)(image_hdr->totalblock * image_hdr->block_size);
 	if (opt->restore_raw_file == 1) {
 	    return;

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: partclone: unfreeze request
  - From: Niels Thykier <niels@thykier.net>

Prev by Date: Bug#858635: unblock (pre-approval): dbus/1.10.18-1 with #857660 fixed
Next by Date: Re: partclone: unfreeze request
Previous by thread: Bug#859736: marked as done (unblock: ibus-anthy/1.5.9-2)
Next by thread: Re: partclone: unfreeze request
Index(es):
- Date
- Thread