From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 04/14] e2fsprogs: CVE-2022-1304 out-of-bounds read/write via crafted filesystem
Date: Wed,  8 Jun 2022 04:46:28 -1000
Message-ID: <b4f9ba859ed1fe5e1d42258fee1dd2e8e85e7eba.1654699348.git.steve@sakoman.com>
In-Reply-To: <cover.1654699348.git.steve@sakoman.com>

From: Hitendra Prajapati <hprajapati@mvista.com>

Source: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git
MR: 117430
Type: Security Fix
Disposition: Backport from https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?h=maint&id=ab51d587bb9b229b1fade1afd02e1574c1ba5c76
ChangeID: e6db00c6e8375a2e869fd2e4ead61ca9149eb8fa
Description:
          CVE-2022-1304 e2fsprogs: out-of-bounds read/write via crafted filesystem.
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../e2fsprogs/e2fsprogs/CVE-2022-1304.patch   | 42 +++++++++++++++++++
 .../e2fsprogs/e2fsprogs_1.45.7.bb             |  1 +
 2 files changed, 43 insertions(+)
 create mode 100644 meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2022-1304.patch

diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2022-1304.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2022-1304.patch
new file mode 100644
index 0000000000..34e2567b25
--- /dev/null
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2022-1304.patch
@@ -0,0 +1,42 @@
+From a66071ed6a0d1fa666d22dcb78fa6fcb3bf22df3 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Fri, 27 May 2022 14:01:50 +0530
+Subject: [PATCH] CVE-2022-1304
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?h=maint&id=ab51d587bb9b229b1fade1afd02e1574c1ba5c76]
+CVE: CVE-2022-1304
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+
+---
+ lib/ext2fs/extent.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/lib/ext2fs/extent.c b/lib/ext2fs/extent.c
+index ac3dbfec9..a1b1905cd 100644
+--- a/lib/ext2fs/extent.c
++++ b/lib/ext2fs/extent.c
+@@ -495,6 +495,10 @@ retry:
+ 			ext2fs_le16_to_cpu(eh->eh_entries);
+ 		newpath->max_entries = ext2fs_le16_to_cpu(eh->eh_max);
+ 
++		/* Make sure there is at least one extent present */
++		if (newpath->left <= 0)
++			return EXT2_ET_EXTENT_NO_DOWN;
++
+ 		if (path->left > 0) {
+ 			ix++;
+ 			newpath->end_blk = ext2fs_le32_to_cpu(ix->ei_block);
+@@ -1630,6 +1634,10 @@ errcode_t ext2fs_extent_delete(ext2_extent_handle_t handle, int flags)
+ 
+ 	cp = path->curr;
+ 
++	/* Sanity check before memmove() */
++	if (path->left < 0)
++		return EXT2_ET_EXTENT_LEAF_BAD;
++
+ 	if (path->left) {
+ 		memmove(cp, cp + sizeof(struct ext3_extent_idx),
+ 			path->left * sizeof(struct ext3_extent_idx));
+-- 
+2.25.1
+
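Review bot: In the ext2fs_extent_delete() hunk of the embedded patch, the comment "Sanity check before memmove()" does not say what is being guarded against. The "if (path->left)" test that follows is also true for a negative value, and "path->left * sizeof(struct ext3_extent_idx)" would then reach memmove() as a very large length, so the comment should state that a negative left count from a corrupted extent node is rejected for that reason. In the first embedded hunk, "return EXT2_ET_EXTENT_NO_DOWN" sits after the entry count from eh->eh_entries and newpath->max_entries have already been stored; please confirm that nothing set up earlier on this path needs to be undone before that early return. The embedded header's subject is only "CVE-2022-1304"; carrying the upstream commit's subject line there would let the patch file describe itself without following the Upstream-Status link.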
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.7.bb b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.7.bb
index 3bc530e02b..3e6faf4cb8 100644
--- a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.7.bb
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.7.bb
@@ -6,6 +6,7 @@ SRC_URI += "file://remove.ldconfig.call.patch \
            file://mkdir_p.patch \
            file://0001-configure.ac-correct-AM_GNU_GETTEXT.patch \
            file://0001-intl-do-not-try-to-use-gettext-defines-that-no-longe.patch \
+           file://CVE-2022-1304.patch \
            "
 
 SRC_URI_append_class-native = " file://e2fsprogs-fix-missing-check-for-permission-denied.patch \
-- 
2.25.1


