[meta-filesystems][dunfell][PATCH 7/8] ntfs-3g-ntfsprogs: Fix CVE-2022-30788


Ranjitsinh Rathod
 

From: Omkar Patil <omkar.patil@...>

CVE: CVE-2022-30788

Signed-off-by: Omkar Patil <omkar.patil@...>
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@...>
---
.../ntfs-3g-ntfsprogs/CVE-2022-30788-1.patch | 51 +++++++++++++++++++
.../ntfs-3g-ntfsprogs/CVE-2022-30788-2.patch | 30 +++++++++++
.../ntfs-3g-ntfsprogs_2021.8.22.bb | 2 +
3 files changed, 83 insertions(+)
create mode 100644 meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30788-1.patch
create mode 100644 meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30788-2.patch

diff --git a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30788-1.patch b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30788-1.patch
new file mode 100644
index 000000000..fc10af53f
--- /dev/null
+++ b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30788-1.patch
@@ -0,0 +1,51 @@
+From a8818cf779d3a32f2f52337c6f258c16719625a3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre@...>
+Date: Tue, 21 Sep 2021 10:53:16 +0200
+Subject: [PATCH] Used a default usn when the former one cannot be retrieved
+
+When creating a new MFT record, the former seq_no and usn are retrieved
+to avoid the new one to be mistaken for the former one.
+This may not be possible when the record is used for the first time
+or after some bad error. In such situation use default values.
+
+CVE: CVE-2022-30788
+Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/n/ntfs-3g/ntfs-3g_2021.8.22-3ubuntu1.1.debian.tar.xz]
+Comment: No change in any hunk
+Signed-off-by: Omkar Patil <Omkar.Patil@...>
+
+---
+ libntfs-3g/mft.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/libntfs-3g/mft.c b/libntfs-3g/mft.c
+index d0a601ff..5052d1ec 100644
+--- a/libntfs-3g/mft.c
++++ b/libntfs-3g/mft.c
+@@ -5,7 +5,7 @@
+ * Copyright (c) 2004-2005 Richard Russon
+ * Copyright (c) 2004-2008 Szabolcs Szakacsits
+ * Copyright (c) 2005 Yura Pakhuchiy
+- * Copyright (c) 2014-2018 Jean-Pierre Andre
++ * Copyright (c) 2014-2021 Jean-Pierre Andre
+ *
+ * This program/include file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as published
+@@ -1529,8 +1529,17 @@ ntfs_inode *ntfs_mft_rec_alloc(ntfs_volume *vol, BOOL mft_data)
+ goto undo_mftbmp_alloc;
+ }
+
++ /*
++ * Retrieve the former seq_no and usn so that the new record
++ * cannot be mistaken for the former one.
++ * However the original record may just be garbage, so
++ * use some sensible value when they cannot be retrieved.
++ */
+ seq_no = m->sequence_number;
+- usn = *(le16*)((u8*)m + le16_to_cpu(m->usa_ofs));
++ if (le16_to_cpu(m->usa_ofs) <= (NTFS_BLOCK_SIZE - 2))
++ usn = *(le16*)((u8*)m + le16_to_cpu(m->usa_ofs & -2));
++ else
++ usn = const_cpu_to_le16(1);
+ if (ntfs_mft_record_layout(vol, bit, m)) {
+ ntfs_log_error("Failed to re-format mft record.\n");
+ free(m);
diff --git a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30788-2.patch b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30788-2.patch
new file mode 100644
index 000000000..4759296a2
--- /dev/null
+++ b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30788-2.patch
@@ -0,0 +1,30 @@
+From bce5734a757fd59d70a52f4d4fe9abe260629b3a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre@...>
+Date: Tue, 10 May 2022 10:40:17 +0200
+Subject: [PATCH] Fixed operation on little endian data
+
+Forcing an even usa_of, in a recent security patch, must be made on cpu
+endian data.
+
+CVE: CVE-2022-30788
+Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/n/ntfs-3g/ntfs-3g_2021.8.22-3ubuntu1.1.debian.tar.xz]
+Comment: No change in any hunk
+Signed-off-by: Omkar Patil <Omkar.Patil@...>
+
+---
+ libntfs-3g/mft.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libntfs-3g/mft.c b/libntfs-3g/mft.c
+index 5052d1ec..aefbb5f1 100644
+--- a/libntfs-3g/mft.c
++++ b/libntfs-3g/mft.c
+@@ -1537,7 +1537,7 @@ ntfs_inode *ntfs_mft_rec_alloc(ntfs_volume *vol, BOOL mft_data)
+ */
+ seq_no = m->sequence_number;
+ if (le16_to_cpu(m->usa_ofs) <= (NTFS_BLOCK_SIZE - 2))
+- usn = *(le16*)((u8*)m + le16_to_cpu(m->usa_ofs & -2));
++ usn = *(le16*)((u8*)m + (le16_to_cpu(m->usa_ofs) & -2));
+ else
+ usn = const_cpu_to_le16(1);
+ if (ntfs_mft_record_layout(vol, bit, m)) {
diff --git a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
index f74e91c93..0da80f8ff 100644
--- a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
+++ b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
@@ -14,6 +14,8 @@ SRC_URI = "http://tuxera.com/opensource/ntfs-3g_ntfsprogs-${PV}.tgz \
file://CVE-2022-30785_30787.patch \
file://CVE-2022-30786-1.patch \
file://CVE-2022-30786-2.patch \
+ file://CVE-2022-30788-1.patch \
+ file://CVE-2022-30788-2.patch \
"

S = "${WORKDIR}/ntfs-3g_ntfsprogs-${PV}"
--
2.17.1

This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.

Join openembedded-devel@lists.openembedded.org to automatically receive all group messages.