[e2fsprogs/f21] Fix use after free at end of e2fsck

Eric Sandeen sandeen at fedoraproject.org
Fri Nov 14 23:29:47 UTC 2014


commit 9bc396df66af664a8b394e3931cbd9bed36cb1eb
Author: Eric Sandeen <sandeen at redhat.com>
Date:   Wed Nov 12 10:25:45 2014 -0600

    Fix use after free at end of e2fsck

 e2fsprogs-1.42.11-fsck-free-ctx.patch |   28 ++++++++++++++++++++++++++++
 e2fsprogs.spec                        |    7 ++++++-
 2 files changed, 34 insertions(+), 1 deletions(-)
---
diff --git a/e2fsprogs-1.42.11-fsck-free-ctx.patch b/e2fsprogs-1.42.11-fsck-free-ctx.patch
new file mode 100644
index 0000000..d391f04
--- /dev/null
+++ b/e2fsprogs-1.42.11-fsck-free-ctx.patch
@@ -0,0 +1,28 @@
+commit a82d88ea99d3c5c21bf538b886da0482bf143fd5
+Author: Darrick J. Wong <darrick.wong at oracle.com>
+Date:   Thu Jul 24 21:03:54 2014 -0400
+
+    e2fsck: free ctx->fs, not fs, at the end of fsck
+    
+    When we call ext2fs_close_free at the end of main(), we need to supply
+    the address of ctx->fs, because the subsequent e2fsck_free_context
+    call will try to access ctx->fs (which is now set to a freed block) to
+    see if it should free the directory block list.  This is clearly not
+    desirable, so fix the problem.
+    
+    Signed-off-by: Darrick J. Wong <darrick.wong at oracle.com>
+    Signed-off-by: Theodore Ts'o <tytso at mit.edu>
+
+diff --git a/e2fsck/unix.c b/e2fsck/unix.c
+index 8d1bdf3..fc05bde 100644
+--- a/e2fsck/unix.c
++++ b/e2fsck/unix.c
+@@ -1774,7 +1774,7 @@ no_journal:
+ 	io_channel_flush(ctx->fs->io);
+ 	print_resource_track(ctx, NULL, &ctx->global_rtrack, ctx->fs->io);
+ 
+-	ext2fs_close_free(&fs);
++	ext2fs_close_free(&ctx->fs);
+ 	free(ctx->journal_name);
+ 
+ 	e2fsck_free_context(ctx);
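Review bot: After `ext2fs_close_free(&ctx->fs)` the local `fs` still holds the now-freed pointer, so the fix relies on nothing between this line and the end of main() reading `fs`; the rest of main() lies outside the hunk, so that cannot be confirmed here. Adding `fs = NULL;` right after the close (or dropping the local in favour of ctx->fs on the preceding lines) would make the stale copy harmless regardless. The change itself looks correct as far as the commit message describes it: ext2fs_close_free presumably clears the pointer it is handed, and e2fsck_free_context reads ctx->fs, so ctx->fs is the pointer that has to be cleared. Since the patch is a backport, the header would benefit from the bug reference that only appears in the spec changelog, e.g. `Resolves: rhbz#1164381` under the Signed-off-by trailers.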
diff --git a/e2fsprogs.spec b/e2fsprogs.spec
index 7d1eb04..ef937c0 100644
--- a/e2fsprogs.spec
+++ b/e2fsprogs.spec
@@ -1,7 +1,7 @@
 Summary: Utilities for managing ext2, ext3, and ext4 filesystems
 Name: e2fsprogs
 Version: 1.42.11
-Release: 3%{?dist}
+Release: 4%{?dist}
 
 # License tags based on COPYING file distinctions for various components
 License: GPLv2
@@ -11,6 +11,7 @@ Source1: ext2_types-wrapper.h
 Source2: e2fsck.conf
 
 Patch1: e2fsprogs-1.40.4-sb_feature_check_ignore.patch
+Patch2: e2fsprogs-1.42.11-fsck-free-ctx.patch
 
 Url: http://e2fsprogs.sourceforge.net/
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -150,6 +151,7 @@ It was originally inspired by the Multics SubSystem library.
 # mildly unsafe but 'til I get something better, avoid full fsck
 # after an selinux install...
 %patch1 -p1 -b .featurecheck
+%patch2 -p1
 
 %build
 %configure --enable-elf-shlibs --enable-nls --disable-uuidd --disable-fsck \
@@ -331,6 +333,9 @@ exit 0
 %{_libdir}/pkgconfig/ss.pc
 
 %changelog
+* Fri Nov 14 2014 Eric Sandeen <sandeen at redhat.com> 1.42.11-4
+- Fix use after free at end of fsck (#1164381)
+
 * Sat Aug 16 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.42.11-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
 

