backport patch to fix CVE-2019-5188
This commit is contained in:
eulerstorage
parent
bdcdb4e51f
commit
2028e37c8e
@ -0,0 +1,53 @@
|
||||
From 8dd73c149f418238f19791f9d666089ef9734dff Mon Sep 17 00:00:00 2001
|
||||
From: Theodore Ts'o <tytso@mit.edu>
|
||||
Date: Thu, 19 Dec 2019 19:37:34 -0500
|
||||
Subject: [PATCH] e2fsck: abort if there is a corrupted directory block when
|
||||
rehashing
|
||||
|
||||
In e2fsck pass 3a, when we are rehashing directories, at least in
|
||||
theory, all of the directories should have had corruptions with
|
||||
respect to directory entry structure fixed. However, it's possible
|
||||
(for example, if the user declined a fix) that we can reach this stage
|
||||
of processing with a corrupted directory entries.
|
||||
|
||||
So check for that case and don't try to process a corrupted directory
|
||||
block so we don't run into trouble in mutate_name() if there is a
|
||||
zero-length file name.
|
||||
|
||||
Addresses: TALOS-2019-0973
|
||||
Addresses: CVE-2019-5188
|
||||
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
||||
---
|
||||
e2fsck/rehash.c | 9 +++++++++
|
||||
1 file changed, 9 insertions(+)
|
||||
|
||||
diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c
|
||||
index a5fc1be..3dd1e94 100644
|
||||
--- a/e2fsck/rehash.c
|
||||
+++ b/e2fsck/rehash.c
|
||||
@@ -160,6 +160,10 @@ static int fill_dir_block(ext2_filsys fs,
|
||||
dir_offset += rec_len;
|
||||
if (dirent->inode == 0)
|
||||
continue;
|
||||
+ if ((name_len) == 0) {
|
||||
+ fd->err = EXT2_ET_DIR_CORRUPTED;
|
||||
+ return BLOCK_ABORT;
|
||||
+ }
|
||||
if (!fd->compress && (name_len == 1) &&
|
||||
(dirent->name[0] == '.'))
|
||||
continue;
|
||||
@@ -401,6 +405,11 @@ static int duplicate_search_and_fix(e2fsck_t ctx, ext2_filsys fs,
|
||||
continue;
|
||||
}
|
||||
new_len = ext2fs_dirent_name_len(ent->dir);
|
||||
+ if (new_len == 0) {
|
||||
+ /* should never happen */
|
||||
+ ext2fs_unmark_valid(fs);
|
||||
+ continue;
|
||||
+ }
|
||||
memcpy(new_name, ent->dir->name, new_len);
|
||||
mutate_name(new_name, &new_len);
|
||||
for (j=0; j < fd->num_array; j++) {
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
@ -1,11 +1,12 @@
|
||||
Name: e2fsprogs
|
||||
Version: 1.45.3
|
||||
Release: 0
|
||||
Release: 1
|
||||
Summary: Second extended file system management tools
|
||||
License: GPLv2 and LGPLv2 and MIT
|
||||
URL: http://e2fsprogs.sourceforge.net/
|
||||
Source0: https://www.kernel.org/pub/linux/kernel/people/tytso/%{name}/v%{version}/%{name}-%{version}.tar.xz
|
||||
|
||||
Patch6000: 6000-e2fsck-abort-if-there-is-a-corrupted-directory-block.patch
|
||||
Patch9000: 9000-mke2fs-check.patch
|
||||
|
||||
BuildRequires: gcc git pkgconfig texinfo
|
||||
@ -123,6 +124,12 @@ exit 0
|
||||
%{_mandir}/man8/*
|
||||
|
||||
%changelog
|
||||
* Mon Jan 14 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.45.3-1
|
||||
- Type:cves
|
||||
- ID:CVE-2019-5188
|
||||
- SUG:restart
|
||||
- DESC:backport patch to fix CVE-2019-5188.
|
||||
|
||||
* Mon Jan 14 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.45.3-0
|
||||
- Type:enhancement
|
||||
- ID:NA
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user