dosfstools: fix out of bound writeszeus-22.0.4 zeus-22.0.3 zeus-22.0.2 zeus-22.0.1 yocto-3.0.4 yocto-3.0.3 yocto-3.0.2 yocto-3.0.1 zeus

Fix write issues where sprintf writes across both name and ext fields and drops the final null ternimator outside the struct Signed-off-by: AJ Bagwell <anthony.bagwell@hivehome.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
author: AJ Bagwell <anthony.bagwell@hivehome.com> 2019-11-11 10:32:22 +0000
committer: Ross Burton <ross.burton@intel.com> 2019-11-11 11:20:30 +0000
commit: 0f4eecc000f66d114ad258fa31aed66afa292166 (patch)
tree: 4087f09de4a173f38ea2537488ae67722012ad3c
parent: 9ca96786fd851150b518388bcb166efa0b4dfff9 (diff)
download: meta-gplv2-zeus.tar.gz
2 files changed, 55 insertions, 0 deletions
diff --git a/recipes-devtools/dosfstools/dosfstools/fixing-out-of-bound-writes.patch b/recipes-devtools/dosfstools/dosfstools/fixing-out-of-bound-writes.patch
new file mode 100644
index 0000000..f80f5ab
--- /dev/null
+++ b/recipes-devtools/dosfstools/dosfstools/fixing-out-of-bound-writes.patch
@@ -0,0 +1,54 @@
+Fix out of bound write issues where sprintf writes across both
+name and ext fields and drops the final null ternimator outside the struct
+Upstream-Status: Inappropriate [licensing]
+We're tracking an old release of dosfstools due to licensing issues.
+diff --git a/dosfsck/check.c b/dosfsck/check.c
+index e8c13bb..91177d3 100644
+--- a/dosfsck/check.c
+++ b/dosfsck/check.c
+@@ -58,6 +58,13 @@ static DOS_FILE *root;
+     }                                                                  \
+   } while(0)
+ 
+static void de_printf(DIR_ENT *de, const char *pattern, int curr_num)
+{
+    char buffer[12];
+    sprintf(buffer, pattern, curr_num);
+    memcpy(de->name, buffer, 8);
+    memcpy(de->ext, buffer + 8, 3);
+}
+ 
+ loff_t alloc_rootdir_entry(DOS_FS *fs, DIR_ENT *de, const char *pattern)
+ {
+@@ -110,7 +117,8 @@ loff_t alloc_rootdir_entry(DOS_FS *fs, DIR_ENT *de, const char *pattern)
+        }
+        memset(de,0,sizeof(DIR_ENT));
+        while (1) {
+-           sprintf(de->name,pattern,curr_num);
+           de_printf(de, pattern, curr_num);
+
+            clu_num = fs->root_cluster;
+            i = 0;
+            offset2 = cluster_start(fs,clu_num);
+@@ -150,7 +158,7 @@ loff_t alloc_rootdir_entry(DOS_FS *fs, DIR_ENT *de, const char *pattern)
+        offset = fs->root_start+next_free*sizeof(DIR_ENT);
+        memset(de,0,sizeof(DIR_ENT));
+        while (1) {
+-           sprintf(de->name,pattern,curr_num);
+           de_printf(de, pattern, curr_num);
+            for (scan = 0; scan < fs->root_entries; scan++)
+                if (scan != next_free &&
+                    !strncmp(root[scan].name,de->name,MSDOS_NAME))
+@@ -311,8 +319,8 @@ static void auto_rename(DOS_FILE *file)
+     first = file->parent ? file->parent->first : root;
+     number = 0;
+     while (1) {
+-       sprintf(file->dir_ent.name,"FSCK%04d",number);
+-       strncpy(file->dir_ent.ext,"REN",3);
+       de_printf(&file->dir_ent, "FSCK%04dREN", number);
+
+        for (walk = first; walk; walk = walk->next)
+            if (walk != file && !strncmp(walk->dir_ent.name,file->dir_ent.
+              name,MSDOS_NAME)) break;
diff --git a/recipes-devtools/dosfstools/dosfstools_2.11.bb b/recipes-devtools/dosfstools/dosfstools_2.11.bb
index dd543b1..37c2181 100644
--- a/recipes-devtools/dosfstools/dosfstools_2.11.bb
+++ b/recipes-devtools/dosfstools/dosfstools_2.11.bb
@@ -19,6 +19,7 @@ SRC_URI = "http://pkgs.fedoraproject.org/repo/pkgs/${BPN}/${BP}.src.tar.gz/407d4
           file://nofat32_autoselect.patch \
           file://fix_populated_dosfs_creation.patch \
           file://0001-Include-fcntl.h-for-getting-loff_t-definition.patch \
+           file://fixing-out-of-bound-writes.patch \
 "
 SRC_URI[md5sum] = "407d405ade410f7597d364ab5dc8c9f6"
author	AJ Bagwell <anthony.bagwell@hivehome.com>	2019-11-11 10:32:22 +0000
committer	Ross Burton <ross.burton@intel.com>	2019-11-11 11:20:30 +0000
commit	0f4eecc000f66d114ad258fa31aed66afa292166 (patch)
tree	4087f09de4a173f38ea2537488ae67722012ad3c
parent	9ca96786fd851150b518388bcb166efa0b4dfff9 (diff)
download	meta-gplv2-zeus.tar.gz

diff --git a/recipes-devtools/dosfstools/dosfstools/fixing-out-of-bound-writes.patch b/recipes-devtools/dosfstools/dosfstools/fixing-out-of-bound-writes.patch new file mode 100644 index 0000000..f80f5ab --- /dev/null +++ b/recipes-devtools/dosfstools/dosfstools/fixing-out-of-bound-writes.patch
@@ -0,0 +1,54 @@
		1	Fix out of bound write issues where sprintf writes across both
		2	name and ext fields and drops the final null ternimator outside the struct
		3
		4	Upstream-Status: Inappropriate [licensing]
		5	We're tracking an old release of dosfstools due to licensing issues.
		6
		7	diff --git a/dosfsck/check.c b/dosfsck/check.c
		8	index e8c13bb..91177d3 100644
		9	--- a/dosfsck/check.c
		10	+++ b/dosfsck/check.c
		11	@@ -58,6 +58,13 @@ static DOS_FILE *root;
		12	} \
		13	} while(0)
		14
		15	+static void de_printf(DIR_ENT de, const char pattern, int curr_num)
		16	+{
		17	+ char buffer[12];
		18	+ sprintf(buffer, pattern, curr_num);
		19	+ memcpy(de->name, buffer, 8);
		20	+ memcpy(de->ext, buffer + 8, 3);
		21	+}
		22
		23	loff_t alloc_rootdir_entry(DOS_FS fs, DIR_ENT de, const char *pattern)
		24	{
		25	@@ -110,7 +117,8 @@ loff_t alloc_rootdir_entry(DOS_FS fs, DIR_ENT de, const char *pattern)
		26	}
		27	memset(de,0,sizeof(DIR_ENT));
		28	while (1) {
		29	- sprintf(de->name,pattern,curr_num);
		30	+ de_printf(de, pattern, curr_num);
		31	+
		32	clu_num = fs->root_cluster;
		33	i = 0;
		34	offset2 = cluster_start(fs,clu_num);
		35	@@ -150,7 +158,7 @@ loff_t alloc_rootdir_entry(DOS_FS fs, DIR_ENT de, const char *pattern)
		36	offset = fs->root_start+next_free*sizeof(DIR_ENT);
		37	memset(de,0,sizeof(DIR_ENT));
		38	while (1) {
		39	- sprintf(de->name,pattern,curr_num);
		40	+ de_printf(de, pattern, curr_num);
		41	for (scan = 0; scan < fs->root_entries; scan++)
		42	if (scan != next_free &&
		43	!strncmp(root[scan].name,de->name,MSDOS_NAME))
		44	@@ -311,8 +319,8 @@ static void auto_rename(DOS_FILE *file)
		45	first = file->parent ? file->parent->first : root;
		46	number = 0;
		47	while (1) {
		48	- sprintf(file->dir_ent.name,"FSCK%04d",number);
		49	- strncpy(file->dir_ent.ext,"REN",3);
		50	+ de_printf(&file->dir_ent, "FSCK%04dREN", number);
		51	+
		52	for (walk = first; walk; walk = walk->next)
		53	if (walk != file && !strncmp(walk->dir_ent.name,file->dir_ent.
		54	name,MSDOS_NAME)) break;


diff --git a/recipes-devtools/dosfstools/dosfstools_2.11.bb b/recipes-devtools/dosfstools/dosfstools_2.11.bb index dd543b1..37c2181 100644 --- a/recipes-devtools/dosfstools/dosfstools_2.11.bb +++ b/recipes-devtools/dosfstools/dosfstools_2.11.bb
@@ -19,6 +19,7 @@ SRC_URI = "http://pkgs.fedoraproject.org/repo/pkgs/${BPN}/${BP}.src.tar.gz/407d4
19	file://nofat32_autoselect.patch \	19	file://nofat32_autoselect.patch \
20	file://fix_populated_dosfs_creation.patch \	20	file://fix_populated_dosfs_creation.patch \
21	file://0001-Include-fcntl.h-for-getting-loff_t-definition.patch \	21	file://0001-Include-fcntl.h-for-getting-loff_t-definition.patch \
		22	file://fixing-out-of-bound-writes.patch \
22	"	23	"
23		24
24	SRC_URI[md5sum] = "407d405ade410f7597d364ab5dc8c9f6"	25	SRC_URI[md5sum] = "407d405ade410f7597d364ab5dc8c9f6"