diff options
Diffstat (limited to 'meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2015-0247.patch')
| -rw-r--r-- | meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2015-0247.patch | 58 |
1 files changed, 0 insertions, 58 deletions
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2015-0247.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2015-0247.patch deleted file mode 100644 index 5b6346b150..0000000000 --- a/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2015-0247.patch +++ /dev/null @@ -1,58 +0,0 @@ -From f66e6ce4446738c2c7f43d41988a3eb73347e2f5 Mon Sep 17 00:00:00 2001 -From: Theodore Ts'o <tytso@mit.edu> -Date: Sat, 9 Aug 2014 12:24:54 -0400 -Subject: libext2fs: avoid buffer overflow if s_first_meta_bg is too big - -If s_first_meta_bg is greater than the of number block group -descriptor blocks, then reading or writing the block group descriptors -will end up overruning the memory buffer allocated for the -descriptors. Fix this by limiting first_meta_bg to no more than -fs->desc_blocks. This doesn't correct the bad s_first_meta_bg value, -but it avoids causing the e2fsprogs userspace programs from -potentially crashing. - -Upstream-Status: Backport -CVE: CVE-2015-0247 - -Signed-off-by: Theodore Ts'o <tytso@mit.edu> -Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> - -diff --git a/lib/ext2fs/closefs.c b/lib/ext2fs/closefs.c -index 4599eef..1f99113 100644 ---- a/lib/ext2fs/closefs.c -+++ b/lib/ext2fs/closefs.c -@@ -344,9 +344,11 @@ errcode_t ext2fs_flush2(ext2_filsys fs, int flags) - * superblocks and group descriptors. - */ - group_ptr = (char *) group_shadow; -- if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG) -+ if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG) { - old_desc_blocks = fs->super->s_first_meta_bg; -- else -+ if (old_desc_blocks > fs->super->s_first_meta_bg) -+ old_desc_blocks = fs->desc_blocks; -+ } else - old_desc_blocks = fs->desc_blocks; - - ext2fs_numeric_progress_init(fs, &progress, NULL, -diff --git a/lib/ext2fs/openfs.c b/lib/ext2fs/openfs.c -index a1a3517..ba501e6 100644 ---- a/lib/ext2fs/openfs.c -+++ b/lib/ext2fs/openfs.c -@@ -378,9 +378,11 @@ errcode_t ext2fs_open2(const char *name, const char *io_options, - #ifdef WORDS_BIGENDIAN - groups_per_block = EXT2_DESC_PER_BLOCK(fs->super); - #endif -- if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG) -+ if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG) { - first_meta_bg = fs->super->s_first_meta_bg; -- else -+ if (first_meta_bg > fs->desc_blocks) -+ first_meta_bg = fs->desc_blocks; -+ } else - first_meta_bg = fs->desc_blocks; - if (first_meta_bg) { - retval = io_channel_read_blk(fs->io, group_block + --- -cgit v0.10.2 - |