Fix heap-buffer-overflow in fdisk_partname
This commit is contained in:
yang_zhuang_zhuang
parent
e059a336a6
commit
eec4386b14
22
backport-libfdisk-make-fdisk_partname-more-robust.patch
Normal file
22
backport-libfdisk-make-fdisk_partname-more-robust.patch
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
From 9f03ad60e58f7bdcac6a1046471a3374550ee384 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Karel Zak <kzak@redhat.com>
|
||||||
|
Date: Thu, 13 Aug 2020 10:12:01 +0200
|
||||||
|
Subject: [PATCH] libfdisk: make fdisk_partname() more robust
|
||||||
|
|
||||||
|
---
|
||||||
|
libfdisk/src/utils.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/libfdisk/src/utils.c b/libfdisk/src/utils.c
|
||||||
|
index 6056e7f1f..38ad23393 100644
|
||||||
|
--- a/libfdisk/src/utils.c
|
||||||
|
+++ b/libfdisk/src/utils.c
|
||||||
|
@@ -142,7 +142,7 @@ char *fdisk_partname(const char *dev, size_t partno)
|
||||||
|
|
||||||
|
/* devfs kludge - note: fdisk partition names are not supposed
|
||||||
|
to equal kernel names, so there is no reason to do this */
|
||||||
|
- if (strcmp(dev + w - 4, "disc") == 0) {
|
||||||
|
+ if (endswith(dev, "disc")) {
|
||||||
|
w -= 4;
|
||||||
|
p = "part";
|
||||||
|
}
|
||||||
@ -0,0 +1,66 @@
|
|||||||
|
From 72f783d0ea5297e3fab22a93574aa63f421c5f69 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Karel Zak <kzak@redhat.com>
|
||||||
|
Date: Mon, 17 Aug 2020 16:33:59 +0200
|
||||||
|
Subject: [PATCH] libmount: fix tab parser for badly terminated lines
|
||||||
|
|
||||||
|
Signed-off-by: Karel Zak <kzak@redhat.com>
|
||||||
|
---
|
||||||
|
libmount/src/tab_parse.c | 26 +++++++++++---------------
|
||||||
|
1 file changed, 11 insertions(+), 15 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/libmount/src/tab_parse.c b/libmount/src/tab_parse.c
|
||||||
|
index fa2d31b81..329987bcb 100644
|
||||||
|
--- a/libmount/src/tab_parse.c
|
||||||
|
+++ b/libmount/src/tab_parse.c
|
||||||
|
@@ -481,7 +481,7 @@ static int is_terminated_by_blank(const char *str)
|
||||||
|
if (p == str)
|
||||||
|
return 1; /* only '\n' */
|
||||||
|
p--;
|
||||||
|
- while (p >= str && (*p == ' ' || *p == '\t'))
|
||||||
|
+ while (p > str && (*p == ' ' || *p == '\t'))
|
||||||
|
p--;
|
||||||
|
return *p == '\n' ? 1 : 0;
|
||||||
|
}
|
||||||
|
@@ -553,22 +553,16 @@ static int mnt_table_parse_next(struct libmnt_parser *pa,
|
||||||
|
pa->line++;
|
||||||
|
s = strchr(pa->buf, '\n');
|
||||||
|
if (!s) {
|
||||||
|
+ DBG(TAB, ul_debugobj(tb, "%s:%zu: no final newline",
|
||||||
|
+ pa->filename, pa->line));
|
||||||
|
+
|
||||||
|
/* Missing final newline? Otherwise an extremely */
|
||||||
|
/* long line - assume file was corrupted */
|
||||||
|
- if (feof(pa->f)) {
|
||||||
|
- DBG(TAB, ul_debugobj(tb,
|
||||||
|
- "%s: no final newline", pa->filename));
|
||||||
|
- s = strchr(pa->buf, '\0');
|
||||||
|
- } else {
|
||||||
|
- DBG(TAB, ul_debugobj(tb,
|
||||||
|
- "%s:%zu: missing newline at line",
|
||||||
|
- pa->filename, pa->line));
|
||||||
|
- goto err;
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
+ if (feof(pa->f))
|
||||||
|
+ s = memchr(pa->buf, '\0', pa->bufsiz);
|
||||||
|
|
||||||
|
/* comments parser */
|
||||||
|
- if (tb->comms
|
||||||
|
+ } else if (tb->comms
|
||||||
|
&& (tb->fmt == MNT_FMT_GUESS || tb->fmt == MNT_FMT_FSTAB)
|
||||||
|
&& is_comment_line(pa->buf)) {
|
||||||
|
do {
|
||||||
|
@@ -584,9 +578,11 @@ static int mnt_table_parse_next(struct libmnt_parser *pa,
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if (!s)
|
||||||
|
+ goto err;
|
||||||
|
*s = '\0';
|
||||||
|
- if (--s >= pa->buf && *s == '\r')
|
||||||
|
- *s = '\0';
|
||||||
|
+ if (s > pa->buf && *(s - 1) == '\r')
|
||||||
|
+ *(--s) = '\0';
|
||||||
|
s = (char *) skip_blank(pa->buf);
|
||||||
|
} while (*s == '\0' || *s == '#');
|
||||||
|
|
||||||
@ -3,7 +3,7 @@
|
|||||||
|
|
||||||
Name: util-linux
|
Name: util-linux
|
||||||
Version: 2.36.1
|
Version: 2.36.1
|
||||||
Release: 1
|
Release: 2
|
||||||
Summary: A random collection of Linux utilities
|
Summary: A random collection of Linux utilities
|
||||||
License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain
|
License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain
|
||||||
URL: https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git
|
URL: https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git
|
||||||
@ -37,6 +37,8 @@ Obsoletes: eject <= 2.1.5 rfkill <= 0.5 util-linux-ng < 2.19 hardlink <= 1:
|
|||||||
|
|
||||||
Patch0: 2.36-login-lastlog-create.patch
|
Patch0: 2.36-login-lastlog-create.patch
|
||||||
Patch1: Do-not-excute-Utmp-testcases.patch
|
Patch1: Do-not-excute-Utmp-testcases.patch
|
||||||
|
Patch2: backport-libfdisk-make-fdisk_partname-more-robust.patch
|
||||||
|
Patch3: backport-libmount-fix-tab-parser-for-badly-terminated-lines.patch
|
||||||
|
|
||||||
Patch9000: Add-check-to-resolve-uname26-version-test-failed.patch
|
Patch9000: Add-check-to-resolve-uname26-version-test-failed.patch
|
||||||
|
|
||||||
@ -386,6 +388,12 @@ fi
|
|||||||
%{_mandir}/man8/{swapoff.8*,swapon.8*,switch_root.8*,umount.8*,wdctl.8.gz,wipefs.8*,zramctl.8*}
|
%{_mandir}/man8/{swapoff.8*,swapon.8*,switch_root.8*,umount.8*,wdctl.8.gz,wipefs.8*,zramctl.8*}
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Mar 1 2021 yangzhuangzhuang <yangzhuangzhuang1@huawei.com> - 2.36.1-2
|
||||||
|
- Type:bugfix
|
||||||
|
- ID:NA
|
||||||
|
- SUG:NA
|
||||||
|
- DESC:Fix heap-buffer-overflow in fdisk_partname
|
||||||
|
|
||||||
* Tue Jan 26 2021 yangzhuangzhuang <yangzhuangzhuang1@huawei.com> - 2.36.1-1
|
* Tue Jan 26 2021 yangzhuangzhuang <yangzhuangzhuang1@huawei.com> - 2.36.1-1
|
||||||
- Type:enhancement
|
- Type:enhancement
|
||||||
- ID:NA
|
- ID:NA
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user