packages/e2fsprogs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

backport patch to fix CVE-2019-5188

Browse Source
This commit is contained in:
eulerstorage 2020-01-14 20:38:10 +08:00
parent bdcdb4e51f
commit 2028e37c8e
2 changed files with 61 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
6000-e2fsck-abort-if-there-is-a-corrupted-directory-block.patch Normal file
View File

@ -0,0 +1,53 @@
From 8dd73c149f418238f19791f9d666089ef9734dff Mon Sep 17 00:00:00 2001
From: Theodore Ts'o <tytso@mit.edu>
Date: Thu, 19 Dec 2019 19:37:34 -0500
Subject: [PATCH] e2fsck: abort if there is a corrupted directory block when
rehashing
In e2fsck pass 3a, when we are rehashing directories, at least in
theory, all of the directories should have had corruptions with
respect to directory entry structure fixed. However, it's possible
(for example, if the user declined a fix) that we can reach this stage
of processing with a corrupted directory entries.
So check for that case and don't try to process a corrupted directory
block so we don't run into trouble in mutate_name() if there is a
zero-length file name.
Addresses: TALOS-2019-0973
Addresses: CVE-2019-5188
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
---
e2fsck/rehash.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c
index a5fc1be..3dd1e94 100644
--- a/e2fsck/rehash.c
+++ b/e2fsck/rehash.c
@@ -160,6 +160,10 @@ static int fill_dir_block(ext2_filsys fs,
dir_offset += rec_len;
if (dirent->inode == 0)
continue;
+ if ((name_len) == 0) {
+ fd->err = EXT2_ET_DIR_CORRUPTED;
+ return BLOCK_ABORT;
+ }
if (!fd->compress && (name_len == 1) &&
(dirent->name[0] == '.'))
continue;
@@ -401,6 +405,11 @@ static int duplicate_search_and_fix(e2fsck_t ctx, ext2_filsys fs,
continue;
}
new_len = ext2fs_dirent_name_len(ent->dir);
+ if (new_len == 0) {
+ /* should never happen */
+ ext2fs_unmark_valid(fs);
+ continue;
+ }
memcpy(new_name, ent->dir->name, new_len);
mutate_name(new_name, &new_len);
for (j=0; j < fd->num_array; j++) {
--
1.8.3.1

9
e2fsprogs.spec
View File

@ -1,11 +1,12 @@
Name: e2fsprogs Name: e2fsprogs
Version: 1.45.3 Version: 1.45.3
Release: 0 Release: 1
Summary: Second extended file system management tools Summary: Second extended file system management tools
License: GPLv2 and LGPLv2 and MIT License: GPLv2 and LGPLv2 and MIT
URL: http://e2fsprogs.sourceforge.net/ URL: http://e2fsprogs.sourceforge.net/
Source0: https://www.kernel.org/pub/linux/kernel/people/tytso/%{name}/v%{version}/%{name}-%{version}.tar.xz Source0: https://www.kernel.org/pub/linux/kernel/people/tytso/%{name}/v%{version}/%{name}-%{version}.tar.xz
Patch6000: 6000-e2fsck-abort-if-there-is-a-corrupted-directory-block.patch
Patch9000: 9000-mke2fs-check.patch Patch9000: 9000-mke2fs-check.patch
BuildRequires: gcc git pkgconfig texinfo BuildRequires: gcc git pkgconfig texinfo
@ -123,6 +124,12 @@ exit 0
%{_mandir}/man8/* %{_mandir}/man8/*
%changelog %changelog
* Mon Jan 14 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.45.3-1
- Type:cves
- ID:CVE-2019-5188
- SUG:restart
- DESC:backport patch to fix CVE-2019-5188.
* Mon Jan 14 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.45.3-0 * Mon Jan 14 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.45.3-0
- Type:enhancement - Type:enhancement
- ID:NA - ID:NA