!38 [sync] PR-35: fix CVE-2022-40284
From: @openeuler-sync-bot Reviewed-by: @caodongxia Signed-off-by: @caodongxia
This commit is contained in:
openeuler-ci-bot
Gitee
commit
33075a922b
46
CVE-2022-40284_1.patch
Normal file
46
CVE-2022-40284_1.patch
Normal file
@ -0,0 +1,46 @@
|
||||
From 18bfc676119a1188e8135287b8327b0760ba44a1 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre@wanadoo.fr>
|
||||
Date: Wed, 14 Sep 2022 08:29:58 +0200
|
||||
Subject: [PATCH] Rejected zero-sized runs
|
||||
|
||||
A zero-size run is the universal way to indentify the end of a runlist,
|
||||
so we must reject zero-sized runs when decompressing a runlist. A
|
||||
zero-size data run is an error, and a zero-size hole is simply ignored.
|
||||
---
|
||||
libntfs-3g/runlist.c | 13 ++++++++++---
|
||||
1 file changed, 10 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/libntfs-3g/runlist.c b/libntfs-3g/runlist.c
|
||||
index c83c2b7d..720bdce6 100644
|
||||
--- a/libntfs-3g/runlist.c
|
||||
+++ b/libntfs-3g/runlist.c
|
||||
@@ -5,7 +5,7 @@
|
||||
* Copyright (c) 2002-2005 Richard Russon
|
||||
* Copyright (c) 2002-2008 Szabolcs Szakacsits
|
||||
* Copyright (c) 2004 Yura Pakhuchiy
|
||||
- * Copyright (c) 2007-2010 Jean-Pierre Andre
|
||||
+ * Copyright (c) 2007-2022 Jean-Pierre Andre
|
||||
*
|
||||
* This program/include file is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License as published
|
||||
@@ -918,11 +918,18 @@ static runlist_element *ntfs_mapping_pairs_decompress_i(const ntfs_volume *vol,
|
||||
"array.\n");
|
||||
goto err_out;
|
||||
}
|
||||
+ /* chkdsk accepts zero-sized runs only for holes */
|
||||
+ if ((lcn != (LCN)-1) && !rl[rlpos].length) {
|
||||
+ ntfs_log_debug(
|
||||
+ "Invalid zero-sized data run.\n");
|
||||
+ goto err_out;
|
||||
+ }
|
||||
/* Enter the current lcn into the runlist element. */
|
||||
rl[rlpos].lcn = lcn;
|
||||
}
|
||||
- /* Get to the next runlist element. */
|
||||
- rlpos++;
|
||||
+ /* Get to the next runlist element, skipping zero-sized holes */
|
||||
+ if (rl[rlpos].length)
|
||||
+ rlpos++;
|
||||
/* Increment the buffer position to the next mapping pair. */
|
||||
buf += (*buf & 0xf) + ((*buf >> 4) & 0xf) + 1;
|
||||
}
|
||||
37
CVE-2022-40284_2.patch
Normal file
37
CVE-2022-40284_2.patch
Normal file
@ -0,0 +1,37 @@
|
||||
From 76c3a799a97fbcedeeeca57f598be508ae2a1656 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre@wanadoo.fr>
|
||||
Date: Wed, 14 Sep 2022 08:31:31 +0200
|
||||
Subject: [PATCH] Avoided merging runlists with no runs
|
||||
|
||||
Runlists with no runs are tolerated though not expected. However merging
|
||||
such runlists is problematic as there is no significant vcn to examine.
|
||||
So avoid merging them, and just return the other runlist.
|
||||
---
|
||||
libntfs-3g/runlist.c | 9 +++++++--
|
||||
1 file changed, 7 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/libntfs-3g/runlist.c b/libntfs-3g/runlist.c
|
||||
index 720bdce6..cb01e5a7 100644
|
||||
--- a/libntfs-3g/runlist.c
|
||||
+++ b/libntfs-3g/runlist.c
|
||||
@@ -994,13 +994,18 @@ static runlist_element *ntfs_mapping_pairs_decompress_i(const ntfs_volume *vol,
|
||||
rl[rlpos].vcn = vcn;
|
||||
rl[rlpos].length = (s64)0;
|
||||
/* If no existing runlist was specified, we are done. */
|
||||
- if (!old_rl) {
|
||||
+ if (!old_rl || !old_rl[0].length) {
|
||||
ntfs_log_debug("Mapping pairs array successfully decompressed:\n");
|
||||
ntfs_debug_runlist_dump(rl);
|
||||
+ if (old_rl)
|
||||
+ free(old_rl);
|
||||
return rl;
|
||||
}
|
||||
/* Now combine the new and old runlists checking for overlaps. */
|
||||
- old_rl = ntfs_runlists_merge(old_rl, rl);
|
||||
+ if (rl[0].length)
|
||||
+ old_rl = ntfs_runlists_merge(old_rl, rl);
|
||||
+ else
|
||||
+ free(rl);
|
||||
if (old_rl)
|
||||
return old_rl;
|
||||
err = errno;
|
||||
@ -1,6 +1,6 @@
|
||||
Name: ntfs-3g
|
||||
Version: 2022.5.17
|
||||
Release: 1
|
||||
Release: 2
|
||||
Epoch: 2
|
||||
Summary: Linux NTFS userspace driver
|
||||
License: GPLv2+
|
||||
@ -8,6 +8,8 @@ URL: http://www.ntfs-3g.org/
|
||||
Source0: http://tuxera.com/opensource/%{name}_ntfsprogs-%{version}%{?subver}.tgz
|
||||
Patch0: 0000-ntfs-3g_ntfsprogs-2011.10.9-RC-ntfsck-unsupported-return-0.patch
|
||||
Patch1: add-version-and-help-usage.patch
|
||||
Patch2: CVE-2022-40284_1.patch
|
||||
Patch3: CVE-2022-40284_2.patch
|
||||
|
||||
BuildRequires: libtool, libattr-devel, libconfig-devel, libgcrypt-devel, gnutls-devel, libuuid-devel
|
||||
Provides: ntfsprogs-fuse = %{epoch}:%{version}-%{release}
|
||||
@ -89,6 +91,9 @@ rm -rf $RPM_BUILD_ROOT%{_defaultdocdir}/%{name}/README
|
||||
%{_mandir}/man*/*
|
||||
|
||||
%changelog
|
||||
* Thu Nov 10 2022 liyuxiang<liyuxiang@ncti-gba.cn> - 2:2022.5.17-2
|
||||
- fix CVE-2022-40284
|
||||
|
||||
* Fri May 27 2022 wangkai <wangkai385@h-partners.com> - 2:2022.5.17-1
|
||||
- Upgrade to 2022.5.17 to fix the cves
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user