rpms/dosfstools/devel dosfstools-3.0.6-bounds.patch, NONE, 1.1 .cvsignore, 1.9, 1.10 dosfstools.spec, 1.39, 1.40 sources, 1.9, 1.10 dosfstools-exit.patch, 1.1, NONE dosfstools-install-p.patch, 1.1, NONE
Lubomir Rintel
lkundrak at fedoraproject.org
Sun Dec 6 11:39:52 UTC 2009
Author: lkundrak
Update of /cvs/pkgs/rpms/dosfstools/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv29142
Modified Files:
.cvsignore dosfstools.spec sources
Added Files:
dosfstools-3.0.6-bounds.patch
Removed Files:
dosfstools-exit.patch dosfstools-install-p.patch
Log Message:
* Sun Dec 06 2009 Lubomir Rintel <lkundrak at v3.sk> - 3.0.6-1
- Bump to newer release
- Fix numerous out-of-bound writes
dosfstools-3.0.6-bounds.patch:
check.c | 12 +++++++++---
dosfsck.h | 2 +-
mkdosfs.c | 3 ++-
3 files changed, 12 insertions(+), 5 deletions(-)
--- NEW FILE dosfstools-3.0.6-bounds.patch ---
From: Lubomir Rintel <lkundrak at v3.sk>
Date: Wed, 2 Dec 2009 22:49:11 +0100
Subject: [PATCH] Fix out-of bound writes
Firstly, packed attribute is added to the structure so that extension
is guarranteed to immediately follow name for the cross-name-extension
reads to succeed.
Secondly, writes into dir_entry->name that span through the extension as
well are split into two, so that FORTIFY_SOURCE's bound checking does
not abort dosfsck. There also was an off-by-one error in auto_rename()'s
sprintf().
diff -up dosfstools-3.0.6/src/check.c.bounds dosfstools-3.0.6/src/check.c
--- dosfstools-3.0.6/src/check.c.bounds 2009-10-04 09:15:58.000000000 +0200
+++ dosfstools-3.0.6/src/check.c 2009-12-06 12:32:42.922639364 +0100
@@ -131,7 +131,10 @@ loff_t alloc_rootdir_entry(DOS_FS *fs, D
}
memset(de,0,sizeof(DIR_ENT));
while (1) {
- sprintf(de->name,pattern,curr_num);
+ char expanded[12];
+ sprintf(expanded, pattern, curr_num);
+ memcpy(de->name+4, expanded, 4);
+ memcpy(de->ext, expanded+4, 3);
clu_num = fs->root_cluster;
i = 0;
offset2 = cluster_start(fs,clu_num);
@@ -349,8 +352,11 @@ static void auto_rename(DOS_FILE *file)
first = file->parent ? file->parent->first : root;
number = 0;
while (1) {
- sprintf(file->dir_ent.name, "FSCK%04d", number / 1000);
- sprintf(file->dir_ent.ext, "%03d", number % 1000);
+ char num[8];
+ sprintf(num, "%07d", number);
+ memcpy(file->dir_ent.name, "FSCK", 4);
+ memcpy(file->dir_ent.name+4, num, 4);
+ memcpy(file->dir_ent.ext, num+4, 3);
for (walk = first; walk; walk = walk->next)
if (walk != file && !strncmp(walk->dir_ent.name,file->dir_ent.
name,MSDOS_NAME)) break;
diff -up dosfstools-3.0.6/src/dosfsck.h.bounds dosfstools-3.0.6/src/dosfsck.h
--- dosfstools-3.0.6/src/dosfsck.h.bounds 2009-10-04 09:15:58.000000000 +0200
+++ dosfstools-3.0.6/src/dosfsck.h 2009-12-06 12:31:49.042643675 +0100
@@ -149,7 +149,7 @@ typedef struct {
__u16 starthi; /* High 16 bits of cluster in FAT32 */
__u16 time,date,start;/* time, date and first cluster */
__u32 size; /* file size (in bytes) */
-} DIR_ENT;
+} __attribute__ ((packed)) DIR_ENT;
typedef struct _dos_file {
DIR_ENT dir_ent;
diff -up dosfstools-3.0.6/src/mkdosfs.c.bounds dosfstools-3.0.6/src/mkdosfs.c
--- dosfstools-3.0.6/src/mkdosfs.c.bounds 2009-10-04 09:15:58.000000000 +0200
+++ dosfstools-3.0.6/src/mkdosfs.c 2009-12-06 12:31:49.048645872 +0100
@@ -1254,7 +1254,8 @@ setup_tables (void)
if ( memcmp(volume_name, " ", 11) )
{
struct msdos_dir_entry *de = &root_dir[0];
- memcpy(de->name, volume_name, 11);
+ memcpy(de->name, volume_name, 8);
+ memcpy(de->ext, volume_name+8, 3);
de->attr = ATTR_VOLUME;
ctime = localtime(&create_time);
de->time = CT_LE_W((unsigned short)((ctime->tm_sec >> 1) +
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/dosfstools/devel/.cvsignore,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -p -r1.9 -r1.10
--- .cvsignore 10 Aug 2009 15:02:00 -0000 1.9
+++ .cvsignore 6 Dec 2009 11:39:52 -0000 1.10
@@ -1 +1 @@
-dosfstools-3.0.1.tar.bz2
+dosfstools-3.0.6.tar.bz2
Index: dosfstools.spec
===================================================================
RCS file: /cvs/pkgs/rpms/dosfstools/devel/dosfstools.spec,v
retrieving revision 1.39
retrieving revision 1.40
diff -u -p -r1.39 -r1.40
--- dosfstools.spec 10 Aug 2009 15:02:00 -0000 1.39
+++ dosfstools.spec 6 Dec 2009 11:39:52 -0000 1.40
@@ -1,7 +1,7 @@
Name: dosfstools
Summary: Utilities for making and checking MS-DOS FAT filesystems on Linux
-Version: 3.0.1
-Release: 6%{?dist}
+Version: 3.0.6
+Release: 1%{?dist}
License: GPLv3+
Group: Applications/System
Source0: http://www.daniel-baumann.ch/software/dosfstools/%{name}-%{version}.tar.bz2
@@ -11,9 +11,7 @@ Obsoletes: mkdosfs-ygg
Provides: mkdosfs-ygg = %{version}
# Mailed to Daniel Baumann
-Patch0: dosfstools-install-p.patch
-# Mailed to Daniel Baumann
-Patch1: dosfstools-exit.patch
+Patch0: dosfstools-3.0.6-bounds.patch
%description
The dosfstools package includes the mkdosfs and dosfsck utilities,
@@ -22,8 +20,7 @@ drives or on floppies.
%prep
%setup -q
-%patch0 -p1
-%patch1 -p1
+%patch0 -p1 -b .bounds
%build
make %{?_smp_mflags} CFLAGS="$RPM_OPT_FLAGS -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"
@@ -42,6 +39,10 @@ rm -rf %{buildroot}
%{_mandir}/man8/*
%changelog
+* Sun Dec 06 2009 Lubomir Rintel <lkundrak at v3.sk> - 3.0.6-1
+- Bump to newer release
+- Fix numerous out-of-bound writes
+
* Mon Aug 10 2009 Ville Skyttä <ville.skytta at iki.fi> - 3.0.1-6
- Use bzipped upstream tarball.
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/dosfstools/devel/sources,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -p -r1.9 -r1.10
--- sources 10 Aug 2009 15:02:00 -0000 1.9
+++ sources 6 Dec 2009 11:39:52 -0000 1.10
@@ -1 +1 @@
-b8ed17de873367a1782f85c661563411 dosfstools-3.0.1.tar.bz2
+ae64c11d3963cd49758aba2854a60b6e dosfstools-3.0.6.tar.bz2
--- dosfstools-exit.patch DELETED ---
--- dosfstools-install-p.patch DELETED ---
More information about the scm-commits
mailing list