[meta-filesystems][dunfell][PATCH 5/8] ntfs-3g-ntfsprogs: Add Patch For Multiple CVE

Home Messages Hashtags Subgroups

#97656

[meta-filesystems][dunfell][PATCH 5/8] ntfs-3g-ntfsprogs: Add Patch For Multiple CVE

Ranjitsinh Rathod #97656 From: Omkar Patil <omkar.patil@...> Fixed CVE's: CVE-2022-30785 CVE-2022-30787 Signed-off-by: Omkar Patil <omkar.patil@...> Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@...> --- .../CVE-2022-30785_30787.patch \| 32 +++++++++++++++++++ .../ntfs-3g-ntfsprogs_2021.8.22.bb \| 1 + 2 files changed, 33 insertions(+) create mode 100644 meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30785_30787.patch diff --git a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30785_30787.patch b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30785_30787.patch new file mode 100644 index 000000000..ae71e8ccf --- /dev/null +++ b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30785_30787.patch @@ -0,0 +1,32 @@ +From fb28eef6f1c26170566187c1ab7dc913a13ea43c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre@...> +Date: Tue, 10 May 2022 10:48:18 +0200 +Subject: [PATCH] Hardened the checking of directory offset requested by a + readdir + +When asked for the next directory entries, make sure the chunk offset +is within valid values, otherwise return no more entries in chunk. + +CVE: CVE-2022-30785 +CVE: CVE-2022-30787 +Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/n/ntfs-3g/ntfs-3g_2021.8.22-3ubuntu1.1.debian.tar.xz] +Comment: No change in any hunk +Signed-off-by: Omkar Patil <Omkar.Patil@...> + +--- + libfuse-lite/fuse.c \| 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libfuse-lite/fuse.c b/libfuse-lite/fuse.c +index 6f9242b7..3d653e63 100644 +--- a/libfuse-lite/fuse.c ++++ b/libfuse-lite/fuse.c +@@ -2223,7 +2223,7 @@ static void fuse_lib_readdir(fuse_req_t req, fuse_ino_t ino, size_t size, + } + } + if (dh->filled) { +- if (off < dh->len) { ++ if ((off >= 0) && (off < dh->len)) { + if (off + size > dh->len) + size = dh->len - off; + } else diff --git a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb index 9e233e127..ea8607e6d 100644 --- a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb +++ b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb @@ -11,6 +11,7 @@ SRC_URI = "http://tuxera.com/opensource/ntfs-3g_ntfsprogs-${PV}.tgz \ file://CVE-2021-46790.patch \ file://CVE-2022-30783.patch \ file://CVE-2022-30784.patch \ + file://CVE-2022-30785_30787.patch \ " S = "${WORKDIR}/ntfs-3g_ntfsprogs-${PV}" -- 2.17.1 This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.
More All Messages By This Member

#97656

Join {openembedded-devel@lists.openembedded.org to automatically receive all group messages.

Home Hashtags Subgroups Terms