diff --git a/.cvsignore b/.cvsignore
index 6906d38..27c2dbb 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1 +1 @@
-dosfstools-3.0.1.tar.bz2
+dosfstools-3.0.6.tar.bz2
diff --git a/dosfstools-3.0.6-bounds.patch b/dosfstools-3.0.6-bounds.patch
new file mode 100644
index 0000000..724f0fc
--- /dev/null
+++ b/dosfstools-3.0.6-bounds.patch
@@ -0,0 +1,67 @@
+From: Lubomir Rintel
+Date: Wed, 2 Dec 2009 22:49:11 +0100
+Subject: [PATCH] Fix out-of bound writes
+
+Firstly, packed attribute is added to the structure so that extension
+is guarranteed to immediately follow name for the cross-name-extension
+reads to succeed.
+
+Secondly, writes into dir_entry->name that span through the extension as
+well are split into two, so that FORTIFY_SOURCE's bound checking does
+not abort dosfsck. There also was an off-by-one error in auto_rename()'s
+sprintf().
+
+diff -up dosfstools-3.0.6/src/check.c.bounds dosfstools-3.0.6/src/check.c
+--- dosfstools-3.0.6/src/check.c.bounds 2009-10-04 09:15:58.000000000 +0200
++++ dosfstools-3.0.6/src/check.c 2009-12-06 12:32:42.922639364 +0100
+@@ -131,7 +131,10 @@ loff_t alloc_rootdir_entry(DOS_FS *fs, D
+ }
+ memset(de,0,sizeof(DIR_ENT));
+ while (1) {
+- sprintf(de->name,pattern,curr_num);
++ char expanded[12];
++ sprintf(expanded, pattern, curr_num);
++ memcpy(de->name+4, expanded, 4);
++ memcpy(de->ext, expanded+4, 3);
+ clu_num = fs->root_cluster;
+ i = 0;
+ offset2 = cluster_start(fs,clu_num);
+@@ -349,8 +352,11 @@ static void auto_rename(DOS_FILE *file)
+ first = file->parent ? file->parent->first : root;
+ number = 0;
+ while (1) {
+- sprintf(file->dir_ent.name, "FSCK%04d", number / 1000);
+- sprintf(file->dir_ent.ext, "%03d", number % 1000);
++ char num[8];
++ sprintf(num, "%07d", number);
++ memcpy(file->dir_ent.name, "FSCK", 4);
++ memcpy(file->dir_ent.name+4, num, 4);
++ memcpy(file->dir_ent.ext, num+4, 3);
+ for (walk = first; walk; walk = walk->next)
+ if (walk != file && !strncmp(walk->dir_ent.name,file->dir_ent.
+ name,MSDOS_NAME)) break;
+diff -up dosfstools-3.0.6/src/dosfsck.h.bounds dosfstools-3.0.6/src/dosfsck.h
+--- dosfstools-3.0.6/src/dosfsck.h.bounds 2009-10-04 09:15:58.000000000 +0200
++++ dosfstools-3.0.6/src/dosfsck.h 2009-12-06 12:31:49.042643675 +0100
+@@ -149,7 +149,7 @@ typedef struct {
+ __u16 starthi; /* High 16 bits of cluster in FAT32 */
+ __u16 time,date,start;/* time, date and first cluster */
+ __u32 size; /* file size (in bytes) */
+-} DIR_ENT;
++} __attribute__ ((packed)) DIR_ENT;
+
+ typedef struct _dos_file {
+ DIR_ENT dir_ent;
+diff -up dosfstools-3.0.6/src/mkdosfs.c.bounds dosfstools-3.0.6/src/mkdosfs.c
+--- dosfstools-3.0.6/src/mkdosfs.c.bounds 2009-10-04 09:15:58.000000000 +0200
++++ dosfstools-3.0.6/src/mkdosfs.c 2009-12-06 12:31:49.048645872 +0100
+@@ -1254,7 +1254,8 @@ setup_tables (void)
+ if ( memcmp(volume_name, " ", 11) )
+ {
+ struct msdos_dir_entry *de = &root_dir[0];
+- memcpy(de->name, volume_name, 11);
++ memcpy(de->name, volume_name, 8);
++ memcpy(de->ext, volume_name+8, 3);
+ de->attr = ATTR_VOLUME;
+ ctime = localtime(&create_time);
+ de->time = CT_LE_W((unsigned short)((ctime->tm_sec >> 1) +
diff --git a/dosfstools-exit.patch b/dosfstools-exit.patch
deleted file mode 100644
index f9e7f81..0000000
--- a/dosfstools-exit.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-2009-01-30 Stepan Kasal
-
- * src/dosfslabel.c (main): After writing the label, exit code
- should be 0.
-
-diff -up dosfstools-3.0.1/src/dosfslabel.c.exit dosfstools-3.0.1/src/dosfslabel.c
---- dosfstools-3.0.1/src/dosfslabel.c.exit 2008-09-28 12:06:37.000000000 +0200
-+++ dosfstools-3.0.1/src/dosfslabel.c 2009-01-30 14:28:47.000000000 +0100
-@@ -122,5 +122,6 @@ int main(int argc, char *argv[])
- }
-
- write_label(&fs, label);
-- return fs_close(rw) ? 1 : 0;
-+ fs_close(rw);
-+ return 0;
- }
diff --git a/dosfstools-install-p.patch b/dosfstools-install-p.patch
deleted file mode 100644
index 8488c3f..0000000
--- a/dosfstools-install-p.patch
+++ /dev/null
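Review bot: In the check.c hunk for alloc_rootdir_entry(), the two new copies use `de->name+4` and `expanded+4`, so after the preceding `memset(de,0,sizeof(DIR_ENT))` the first four bytes of `de->name` are never written and `de->ext` receives bytes 4..6 of the expanded string rather than 8..10. The offsets look carried over from the auto_rename() hunk, where "FSCK" is copied separately first; the mkdosfs.c hunk in the same patch splits the same 11-byte field as 8 + 3, which suggests the intended lines are `memcpy(de->name, expanded, 8);` and `memcpy(de->ext, expanded+8, 3);`. A FAT directory entry whose name begins with a zero byte is conventionally treated as the end-of-directory marker, so the reclaimed entry would probably not be visible to other readers of the volume. Separately, `sprintf(expanded, pattern, curr_num)` into `char expanded[12]` and `sprintf(num, "%07d", number)` into `char num[8]` remain unbounded and only move a possible overrun from the on-disk struct to the stack if a value exceeds the assumed digit count; `snprintf(expanded, sizeof expanded, pattern, curr_num)` and `snprintf(num, sizeof num, "%07d", number)` would bound them. Both loop bodies and the callers that supply `pattern` lie outside the hunk, so the upper limits on `curr_num` and `number` cannot be confirmed from here.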
@@ -1,20 +0,0 @@ -2009-01-30 Stepan Kasal - - * Makefile: Do not clobber time stamps of doc files. - ---- dosfstools-3.0.1/Makefile.p 2008-09-28 12:06:37.000000000 +0200 -+++ dosfstools-3.0.1/Makefile 2009-01-30 12:25:59.000000000 +0100 -@@ -58,11 +58,11 @@ - - install-doc: - install -d -m 0755 $(DESTDIR)/$(DOCDIR)/dosfstools -- install -m 0644 doc/* $(DESTDIR)/$(DOCDIR)/dosfstools -+ install -p -m 0644 doc/* $(DESTDIR)/$(DOCDIR)/dosfstools - - install-man: - install -d -m 0755 $(DESTDIR)/$(MANDIR)/man8 -- install -m 0644 man/*.8 $(DESTDIR)/$(MANDIR)/man8 -+ install -p -m 0644 man/*.8 $(DESTDIR)/$(MANDIR)/man8 - - ln -sf dosfsck.8 $(DESTDIR)/$(MANDIR)/man8/fsck.msdos.8 - ln -sf dosfsck.8 $(DESTDIR)/$(MANDIR)/man8/fsck.vfat.8 diff --git a/dosfstools.spec b/dosfstools.spec index a360c27..dc5f9b1 100644 --- a/dosfstools.spec +++ b/dosfstools.spec @@ -1,7 +1,7 @@ Name: dosfstools Summary: Utilities for making and checking MS-DOS FAT filesystems on Linux -Version: 3.0.1 -Release: 6%{?dist} +Version: 3.0.6 +Release: 1%{?dist} License: GPLv3+ Group: Applications/System Source0: http://www.daniel-baumann.ch/software/dosfstools/%{name}-%{version}.tar.bz2 @@ -11,9 +11,7 @@ Obsoletes: mkdosfs-ygg Provides: mkdosfs-ygg = %{version} # Mailed to Daniel Baumann -Patch0: dosfstools-install-p.patch -# Mailed to Daniel Baumann -Patch1: dosfstools-exit.patch +Patch0: dosfstools-3.0.6-bounds.patch %description The dosfstools package includes the mkdosfs and dosfsck utilities, @@ -22,8 +20,7 @@ drives or on floppies. %prep %setup -q -%patch0 -p1 -%patch1 -p1 +%patch0 -p1 -b .bounds %build make %{?_smp_mflags} CFLAGS="$RPM_OPT_FLAGS -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64" @@ -42,6 +39,10 @@ rm -rf %{buildroot} %{_mandir}/man8/* %changelog +* Sun Dec 06 2009 Lubomir Rintel - 3.0.6-1 +- Bump to newer release +- Fix numerous out-of-bound writes + * Mon Aug 10 2009 Ville Skyttä - 3.0.1-6 - Use bzipped upstream tarball. diff --git a/sources b/sources index 7f73024..1d22545 100644 
--- a/sources
+++ b/sources
@@ -1 +1 @@
-b8ed17de873367a1782f85c661563411 dosfstools-3.0.1.tar.bz2
+ae64c11d3963cd49758aba2854a60b6e dosfstools-3.0.6.tar.bz2