powerel7
/
base
2
0
Fork 0
Code Issues Pull Requests Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1016 Commits
1 Branch
0 Tags
390 MiB
 
 
 
 
 
 
Tree: 2cda77266d
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2cda77266d'
${ noResults }
base/SOURCES/e2fsprogs-1.42.9-libext2fs-...

52 lines
2.1 KiB
Raw Blame History

commit f66e6ce4446738c2c7f43d41988a3eb73347e2f5
Author: Theodore Ts'o <tytso@mit.edu>
Date: Sat Aug 9 12:24:54 2014 -0400
libext2fs: avoid buffer overflow if s_first_meta_bg is too big
If s_first_meta_bg is greater than the of number block group
descriptor blocks, then reading or writing the block group descriptors
will end up overruning the memory buffer allocated for the
descriptors. Fix this by limiting first_meta_bg to no more than
fs->desc_blocks. This doesn't correct the bad s_first_meta_bg value,
but it avoids causing the e2fsprogs userspace programs from
potentially crashing.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Index: e2fsprogs-1.42.9/lib/ext2fs/closefs.c
===================================================================
--- e2fsprogs-1.42.9.orig/lib/ext2fs/closefs.c
+++ e2fsprogs-1.42.9/lib/ext2fs/closefs.c
@@ -336,9 +336,11 @@ errcode_t ext2fs_flush2(ext2_filsys fs,
* superblocks and group descriptors.
*/
group_ptr = (char *) group_shadow;
- if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG)
+ if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG) {
old_desc_blocks = fs->super->s_first_meta_bg;
- else
+ if (old_desc_blocks > fs->super->s_first_meta_bg)
+ old_desc_blocks = fs->desc_blocks;
+ } else
old_desc_blocks = fs->desc_blocks;
ext2fs_numeric_progress_init(fs, &progress, NULL,
Index: e2fsprogs-1.42.9/lib/ext2fs/openfs.c
===================================================================
--- e2fsprogs-1.42.9.orig/lib/ext2fs/openfs.c
+++ e2fsprogs-1.42.9/lib/ext2fs/openfs.c
@@ -348,9 +348,11 @@ errcode_t ext2fs_open2(const char *name,
#ifdef WORDS_BIGENDIAN
groups_per_block = EXT2_DESC_PER_BLOCK(fs->super);
#endif
- if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG)
+ if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG) {
first_meta_bg = fs->super->s_first_meta_bg;
- else
+ if (first_meta_bg > fs->desc_blocks)
+ first_meta_bg = fs->desc_blocks;
+ } else
first_meta_bg = fs->desc_blocks;
if (first_meta_bg) {
retval = io_channel_read_blk(fs->io, group_block+1,