[yocto] [meta-gplv2][PATCH v2] dosfstools: fix out of bound writes
Khem Raj
raj.khem at gmail.com
Mon Nov 11 07:44:58 PST 2019
On Mon, 2019-11-11 at 10:32 +0000, aj.bagwell at gmail.com wrote:
> From: AJ Bagwell <anthony.bagwell at hivehome.com>
>
> Fix write issues where sprintf writes across both name and ext fields
> and drops the final null terminator outside the struct
>
> Signed-off-by: AJ Bagwell <anthony.bagwell at hivehome.com>
> ---
> .../fixing-out-of-bound-writes.patch | 54
> +++++++++++++++++++
> .../dosfstools/dosfstools_2.11.bb | 1 +
> 2 files changed, 55 insertions(+)
> create mode 100644 recipes-devtools/dosfstools/dosfstools/fixing-
> out-of-bound-writes.patch
>
> diff --git a/recipes-devtools/dosfstools/dosfstools/fixing-out-of-
> bound-writes.patch b/recipes-devtools/dosfstools/dosfstools/fixing-
> out-of-bound-writes.patch
> new file mode 100644
> index 0000000..f80f5ab
> --- /dev/null
> +++ b/recipes-devtools/dosfstools/dosfstools/fixing-out-of-bound-
> writes.patch
> @@ -0,0 +1,54 @@
> +Fix out of bound write issues where sprintf writes across both
> +name and ext fields and drops the final null ternimator outside the
> struct
> +
> +Upstream-Status: Inappropriate [licensing]
> +We're tracking an old release of dosfstools due to licensing issues.
> +
The patch is fine. I wonder whether the latest version in OE-Core is also
affected by this issue?
> +diff --git a/dosfsck/check.c b/dosfsck/check.c
> +index e8c13bb..91177d3 100644
> +--- a/dosfsck/check.c
> ++++ b/dosfsck/check.c
> +@@ -58,6 +58,13 @@ static DOS_FILE *root;
> + }
> \
> + } while(0)
> +
> ++static void de_printf(DIR_ENT *de, const char *pattern, int
> curr_num)
> ++{
> ++ char buffer[12];
> ++ sprintf(buffer, pattern, curr_num);
> ++ memcpy(de->name, buffer, 8);
> ++ memcpy(de->ext, buffer + 8, 3);
> ++}
> +
> + loff_t alloc_rootdir_entry(DOS_FS *fs, DIR_ENT *de, const char
> *pattern)
> + {
> +@@ -110,7 +117,8 @@ loff_t alloc_rootdir_entry(DOS_FS *fs, DIR_ENT
> *de, const char *pattern)
> + }
> + memset(de,0,sizeof(DIR_ENT));
> + while (1) {
> +- sprintf(de->name,pattern,curr_num);
> ++ de_printf(de, pattern, curr_num);
> ++
> + clu_num = fs->root_cluster;
> + i = 0;
> + offset2 = cluster_start(fs,clu_num);
> +@@ -150,7 +158,7 @@ loff_t alloc_rootdir_entry(DOS_FS *fs, DIR_ENT
> *de, const char *pattern)
> + offset = fs->root_start+next_free*sizeof(DIR_ENT);
> + memset(de,0,sizeof(DIR_ENT));
> + while (1) {
> +- sprintf(de->name,pattern,curr_num);
> ++ de_printf(de, pattern, curr_num);
> + for (scan = 0; scan < fs->root_entries; scan++)
> + if (scan != next_free &&
> + !strncmp(root[scan].name,de->name,MSDOS_NAME))
> +@@ -311,8 +319,8 @@ static void auto_rename(DOS_FILE *file)
> + first = file->parent ? file->parent->first : root;
> + number = 0;
> + while (1) {
> +- sprintf(file->dir_ent.name,"FSCK%04d",number);
> +- strncpy(file->dir_ent.ext,"REN",3);
> ++ de_printf(&file->dir_ent, "FSCK%04dREN", number);
> ++
> + for (walk = first; walk; walk = walk->next)
> + if (walk != file && !strncmp(walk->dir_ent.name,file-
> >dir_ent.
> + name,MSDOS_NAME)) break;
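Review bot: In the new `de_printf`, `sprintf(buffer, pattern, curr_num)` is still unbounded, so the overflow is moved from the directory entry to a 12-byte stack buffer rather than removed. `%04d` is only a minimum width, so `"FSCK%04dREN"` needs 13 bytes once the number reaches 10000 or goes negative; whether the callers' loops can get that far is not visible in these hunks, and neither are the patterns passed into `alloc_rootdir_entry`. `buffer` is also uninitialised, so a pattern that formats to fewer than 11 characters makes the two `memcpy` calls copy indeterminate stack bytes into `de->name` and `de->ext`, where the old code left the zeros from `memset`. I would declare `char buffer[12] = {0};` and format with `int n = snprintf(buffer, sizeof buffer, pattern, curr_num);`, treating `n < 0 || n >= (int)sizeof buffer` as an error instead of storing a truncated name.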
> diff --git a/recipes-devtools/dosfstools/dosfstools_2.11.bb
> b/recipes-devtools/dosfstools/dosfstools_2.11.bb
> index dd543b1..37c2181 100644
> --- a/recipes-devtools/dosfstools/dosfstools_2.11.bb
> +++ b/recipes-devtools/dosfstools/dosfstools_2.11.bb
> @@ -19,6 +19,7 @@ SRC_URI = "
> http://pkgs.fedoraproject.org/repo/pkgs/${BPN}/${BP}.src.tar.gz/407d4
> file://nofat32_autoselect.patch \
> file://fix_populated_dosfs_creation.patch \
> file://0001-Include-fcntl.h-for-getting-loff_t-
> definition.patch \
> + file://fixing-out-of-bound-writes.patch \
> "
>
> SRC_URI[md5sum] = "407d405ade410f7597d364ab5dc8c9f6"
> --
> 2.17.1
>