summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorAnuj Mittal <anuj.mittal@intel.com>2020-03-09 08:45:01 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2020-03-10 23:20:34 +0000
commit59a3d9b94141e29c596a3835eee7e398021f6af7 (patch)
tree722278c52d3d280ee5bb62fd55787322e8bb4360 /meta
parent0a9ce59fda57380f8ee08df2f1a2079a6f32009e (diff)
downloadpoky-59a3d9b94141e29c596a3835eee7e398021f6af7.tar.gz
e2fsprogs: fix CVE-2019-5188
Also see: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948508 (From OE-Core rev: 09bdcef183d885025da6aa87a7c2bf7e8268774e) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch49
-rw-r--r--meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2019-5188.patch57
-rw-r--r--meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.4.bb2
3 files changed, 108 insertions, 0 deletions
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch
new file mode 100644
index 0000000000..ba4e3a3c97
--- /dev/null
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch
@@ -0,0 +1,49 @@
1From 71ba13755337e19c9a826dfc874562a36e1b24d3 Mon Sep 17 00:00:00 2001
2From: Theodore Ts'o <tytso@mit.edu>
3Date: Thu, 19 Dec 2019 19:45:06 -0500
4Subject: [PATCH] e2fsck: don't try to rehash a deleted directory
5
6If directory has been deleted in pass1[bcd] processing, then we
7shouldn't try to rehash the directory in pass 3a when we try to
8rehash/reoptimize directories.
9
10Signed-off-by: Theodore Ts'o <tytso@mit.edu>
11
12Upstream-Status: Backport [https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=71ba13755337e19c9a826dfc874562a36e1b24d3]
13Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
14---
15 e2fsck/pass1b.c | 4 ++++
16 e2fsck/rehash.c | 2 ++
17 2 files changed, 6 insertions(+)
18
19diff --git a/e2fsck/pass1b.c b/e2fsck/pass1b.c
20index 5693b9cf..bca701ca 100644
21--- a/e2fsck/pass1b.c
22+++ b/e2fsck/pass1b.c
23@@ -705,6 +705,10 @@ static void delete_file(e2fsck_t ctx, ext2_ino_t ino,
24 fix_problem(ctx, PR_1B_BLOCK_ITERATE, &pctx);
25 if (ctx->inode_bad_map)
26 ext2fs_unmark_inode_bitmap2(ctx->inode_bad_map, ino);
27+ if (ctx->inode_reg_map)
28+ ext2fs_unmark_inode_bitmap2(ctx->inode_reg_map, ino);
29+ ext2fs_unmark_inode_bitmap2(ctx->inode_dir_map, ino);
30+ ext2fs_unmark_inode_bitmap2(ctx->inode_used_map, ino);
31 ext2fs_inode_alloc_stats2(fs, ino, -1, LINUX_S_ISDIR(dp->inode.i_mode));
32 quota_data_sub(ctx->qctx, &dp->inode, ino,
33 pb.dup_blocks * fs->blocksize);
34diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c
35index 3dd1e941..2c908be0 100644
36--- a/e2fsck/rehash.c
37+++ b/e2fsck/rehash.c
38@@ -1028,6 +1028,8 @@ void e2fsck_rehash_directories(e2fsck_t ctx)
39 if (!ext2fs_u32_list_iterate(iter, &ino))
40 break;
41 }
42+ if (!ext2fs_test_inode_bitmap2(ctx->inode_dir_map, ino))
43+ continue;
44
45 pctx.dir = ino;
46 if (first) {
47--
482.24.1
49
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2019-5188.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2019-5188.patch
new file mode 100644
index 0000000000..de4bce0037
--- /dev/null
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2019-5188.patch
@@ -0,0 +1,57 @@
1From 8dd73c149f418238f19791f9d666089ef9734dff Mon Sep 17 00:00:00 2001
2From: Theodore Ts'o <tytso@mit.edu>
3Date: Thu, 19 Dec 2019 19:37:34 -0500
4Subject: [PATCH] e2fsck: abort if there is a corrupted directory block when
5 rehashing
6
7In e2fsck pass 3a, when we are rehashing directories, at least in
8theory, all of the directories should have had corruptions with
9respect to directory entry structure fixed. However, it's possible
10(for example, if the user declined a fix) that we can reach this stage
11of processing with a corrupted directory entries.
12
13So check for that case and don't try to process a corrupted directory
14block so we don't run into trouble in mutate_name() if there is a
15zero-length file name.
16
17Addresses: TALOS-2019-0973
18Addresses: CVE-2019-5188
19Signed-off-by: Theodore Ts'o <tytso@mit.edu>
20
21CVE: CVE-2019-5188
22Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
23Upstream-Status: Backport [https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=8dd73c149f418238f19791f9d666089ef9734dff]
24---
25 e2fsck/rehash.c | 9 +++++++++
26 1 file changed, 9 insertions(+)
27
28diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c
29index a5fc1be1..3dd1e941 100644
30--- a/e2fsck/rehash.c
31+++ b/e2fsck/rehash.c
32@@ -160,6 +160,10 @@ static int fill_dir_block(ext2_filsys fs,
33 dir_offset += rec_len;
34 if (dirent->inode == 0)
35 continue;
36+ if ((name_len) == 0) {
37+ fd->err = EXT2_ET_DIR_CORRUPTED;
38+ return BLOCK_ABORT;
39+ }
40 if (!fd->compress && (name_len == 1) &&
41 (dirent->name[0] == '.'))
42 continue;
43@@ -401,6 +405,11 @@ static int duplicate_search_and_fix(e2fsck_t ctx, ext2_filsys fs,
44 continue;
45 }
46 new_len = ext2fs_dirent_name_len(ent->dir);
47+ if (new_len == 0) {
48+ /* should never happen */
49+ ext2fs_unmark_valid(fs);
50+ continue;
51+ }
52 memcpy(new_name, ent->dir->name, new_len);
53 mutate_name(new_name, &new_len);
54 for (j=0; j < fd->num_array; j++) {
55--
562.24.1
57
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.4.bb b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.4.bb
index 6e69eea21c..fc92b77ab6 100644
--- a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.4.bb
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.4.bb
@@ -7,6 +7,8 @@ SRC_URI += "file://remove.ldconfig.call.patch \
7 file://0001-misc-create_inode.c-set-dir-s-mode-correctly.patch \ 7 file://0001-misc-create_inode.c-set-dir-s-mode-correctly.patch \
8 file://0001-configure.ac-correct-AM_GNU_GETTEXT.patch \ 8 file://0001-configure.ac-correct-AM_GNU_GETTEXT.patch \
9 file://0001-intl-do-not-try-to-use-gettext-defines-that-no-longe.patch \ 9 file://0001-intl-do-not-try-to-use-gettext-defines-that-no-longe.patch \
10 file://CVE-2019-5188.patch \
11 file://0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch \
10 " 12 "
11 13
12SRC_URI_append_class-native = " file://e2fsprogs-fix-missing-check-for-permission-denied.patch \ 14SRC_URI_append_class-native = " file://e2fsprogs-fix-missing-check-for-permission-denied.patch \