Package: e2fsprogs / 1.42.12-2
Metadata
Package | Version | Patches format |
---|---|---|
e2fsprogs | 1.42.12-2 | 3.0 (quilt) |
Patch series
Patch | File delta | Description |
---|---|---|
CVE 2015 1572.patch | lib/ext2fs/closefs.c: 4 (2 +, 2 -, 0 !) | libext2fs: fix potential buffer overflow in closefs() The bug fix in f66e6ce4446: "libext2fs: avoid buffer overflow if s_first_meta_bg is too big" had a typo in the fix for ext2fs_closefs(). In practice most of the security exposure was from the openfs path, since this meant if there was a carefully crafted file system, a buffer overrun would be triggered when the file system was opened. However, if a corrupted file system didn't trip over some corruption check, and then the file system was modified via tune2fs or debugfs, such that the superblock was marked dirty and then written out via the closefs() path, it's possible that the buffer overrun could be triggered when the file system is closed. Also clear up a signed vs unsigned warning while we're at it. Thanks to Nick Kralevich <nnk@google.com> for asking me to look at a compiler warning in the code in question, which led me to notice the bug in f66e6ce4446. Addresses: CVE-2015-1572 Signed-off-by: Theodore Ts'o <tytso@mit.edu> |
e2fsck use PROMPT_NONE for FUTURE_SB_LAST_ _FUDGED problems.patch | e2fsck/problem.c: 8 (4 +, 4 -, 0 !) | [patch] e2fsck: use PROMPT_NONE for FUTURE_SB_LAST_*_FUDGED problems This allows us to print a message warning the user that there is something funny going on with their hardware clock (probably time zone issues caused by trying to be compatible with legacy OS's such as Windows), without triggering a full file system check. Signed-off-by: Theodore Ts'o <tytso@mit.edu> |
e2fsck fix corruption of Hurd filesystems.patch | e2fsck/pass1.c: 14 (8 +, 6 -, 0 !) | [patch] e2fsck: fix corruption of Hurd filesystems Previously, e2fsck accessed the field osd2.linux2.l_i_file_acl_high without checking that the filesystem is indeed created for Linux. This led to e2fsck constantly complaining about certain nodes: i_file_acl_hi for inode XXX (/dev/console) is 32, should be zero. By "correcting" this problem, e2fsck would clobber the field osd2.hurd2.h_i_mode_high. Properly guard access to the OS dependent fields. Signed-off-by: Theodore Ts'o <tytso@mit.edu> |
e2fsck fix dangling pointer when dir_info array is resized.patch | e2fsck/dirinfo.c: 5 (4 +, 1 -, 0 !) | [patch] e2fsck: fix dangling pointer when dir_info array is resized e2fsck uses an array to store directory usage information during pass 3; the usage context also contains a pointer to the last directory looked up. When expanding the dir_info array, this cache pointer needs to be cleared if the array resize changed the pointer location, or else we'll later walk off the end of this dead pointer. Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reported-by: Sami Liedes <sami.liedes@iki.fi> Signed-off-by: Theodore Ts'o <tytso@mit.edu> |
e2fsck fix free pointer dereferences.patch | e2fsck/unix.c: 6 (3 +, 3 -, 0 !) | [patch 2/2] e2fsck: fix free pointer dereferences Commit 47fee2ef6a23a introduces some free pointer dereference bugs by not clearing ctx->fs after calling ext2fs_close_free(). Reported-by: Matthias Andree <mandree@FreeBSD.org> Cc: Lukas Czerner <lczerner@redhat.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu> |
resize2fs fix fs blocksize dereference after fs has been freed.patch | resize/main.c: 18 (10 +, 8 -, 0 !) | [patch] resize2fs: fix fs->blocksize dereference after fs has been freed Commit 77255cf36944b introduced a use after free bug. Signed-off-by: Theodore Ts'o <tytso@mit.edu> |