authorBartłomiej Piotrowski <bpiotrowski@alpinelinux.org>2014-03-11 17:26:58 +0100
committerBartłomiej Piotrowski <bpiotrowski@alpinelinux.org>2014-03-11 17:27:07 +0100
commitb6cba7dd92331547c160ab4b4eb39c92411b00ef (patch)
treefe4598f62eb091ab00aa74649296298dbc3a2ce7 /main/udisks2
parent2be93bcc8f6b6da8610f39e322749b00bbf1ca74 (diff)
main/udisks2: security fix for CVE-2014-0004
Diffstat (limited to 'main/udisks2')
-rw-r--r--main/udisks2/APKBUILD12
-rw-r--r--main/udisks2/CVE-2014-0004.patch106
2 files changed, 114 insertions, 4 deletions
diff --git a/main/udisks2/APKBUILD b/main/udisks2/APKBUILD
index 529c397d2c..5a04a6939b 100644
--- a/main/udisks2/APKBUILD
+++ b/main/udisks2/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=udisks2
pkgver=2.1.1
-pkgrel=0
+pkgrel=1
pkgdesc="Disk Manager"
url="http://www.freedesktop.org/wiki/Software/udisks"
arch="all"
@@ -17,6 +17,7 @@ source="http://udisks.freedesktop.org/releases/udisks-$pkgver.tar.bz2
O_CLOEXEC.patch
sys-wait.patch
fix-stdio.patch
+ CVE-2014-0004.patch
"
_builddir="$srcdir"/udisks-$pkgver
@@ -62,12 +63,15 @@ libs() {
md5sums="80e03f312542b800cf3162254b202725 udisks-2.1.1.tar.bz2
fd70ee4163c5bfd9bd474c28a2548c46 O_CLOEXEC.patch
4c7aa82c180c809f565c55325ce9eb20 sys-wait.patch
-0cf34713e15675760cf547e36ac13683 fix-stdio.patch"
+0cf34713e15675760cf547e36ac13683 fix-stdio.patch
+04f75c4bebf1a82af8e0f6a63ae6fcbf CVE-2014-0004.patch"
sha256sums="013b09ff38aa256b89c01525771f4565cb088724d5c8c79b32e9f811e88086fb udisks-2.1.1.tar.bz2
2c325c131e8d66d09ec3ec4f2c022113822c494da37dd2316d87ac4dc721c82b O_CLOEXEC.patch
ed4c6a17a97cc01854c7adde56984cade1da8a58f41c30788f5bcdc428ff26ca sys-wait.patch
-abb9a09fff960eb0ffadd9ba27a2fdff37c7674d9c42ba20251e7ff7b23ba1f1 fix-stdio.patch"
+abb9a09fff960eb0ffadd9ba27a2fdff37c7674d9c42ba20251e7ff7b23ba1f1 fix-stdio.patch
+8699cfc2daed299cc2e89d41a15946698d0bc001238a272fa3b792c28de937b3 CVE-2014-0004.patch"
sha512sums="d232bcf60365c8f5687af2c9f95752c6ed4be1aee218f0e3e509c4da5853714642a622298755516e1b9802a2a7acf04100300dee8d94953360d00f53897a4491 udisks-2.1.1.tar.bz2
269ba55cc755e2a484670258bc530790691b66c9fce9479a2a17d78cff5d52dd1be89290979efd44a0ba82be665f52a356a57f2cbb67951d91fe09d4e24c2a6a O_CLOEXEC.patch
138593a97a35ba405e65d8f207fb16f4e056c09e3f4a51edd4ee8f8aeb37914663bbf0b016a5a0055ef5ec5191f850a3680f1f47fe0b07e9abe0ce01d2c0af0d sys-wait.patch
-205a3a51170082f05c546a3185a929e0aa2659bfdc46e48b8bf48fd12a44ed7e08c41603e32aee670b9303f9791372db9188389b0a8df3f08e9d3fe2be4c67cb fix-stdio.patch"
+205a3a51170082f05c546a3185a929e0aa2659bfdc46e48b8bf48fd12a44ed7e08c41603e32aee670b9303f9791372db9188389b0a8df3f08e9d3fe2be4c67cb fix-stdio.patch
+f86b6a7248bc9ae896664b8addb99cf5242d16fbd93d1c1d9533eabdd3daf8e5c6d074cf9191d570bda1b0e5f408712484931f5a62b076d4ee5d2ec537c5a944 CVE-2014-0004.patch"
diff --git a/main/udisks2/CVE-2014-0004.patch b/main/udisks2/CVE-2014-0004.patch
new file mode 100644
index 0000000000..0c81d16ad2
--- /dev/null
+++ b/main/udisks2/CVE-2014-0004.patch
@@ -0,0 +1,106 @@
+From 24496747b648d1a7bd0d6da1ef3759f035ba1cd6 Mon Sep 17 00:00:00 2001
+From: Martin Pitt <martin.pitt@ubuntu.com>
+Date: Wed, 05 Mar 2014 12:47:15 +0000
+Subject: Fix buffer overflow in mount path parsing
+
+In the mount monitor we parse mount points from /proc/self/mountinfo and
+/proc/swaps. Ensure that we don't overflow the buffers on platforms where mount
+paths could be longer than PATH_MAX (unknown if that can actually happen), as
+at least the mount paths for hotpluggable devices are somewhat user-controlled.
+
+Thanks to Florian Weimer for discovering this bug, and to David Zeuthen
+for his initial patch!
+
+CVE-2014-0004
+---
+diff --git a/src/udisksmountmonitor.c b/src/udisksmountmonitor.c
+index 8af1028..e7097fa 100644
+--- a/src/udisksmountmonitor.c
++++ b/src/udisksmountmonitor.c
+@@ -38,6 +38,11 @@
+ #include "udisksmount.h"
+ #include "udisksprivate.h"
+
++/* build a %Ns format string macro with N == PATH_MAX */
++#define xstr(s) str(s)
++#define str(s) #s
++#define PATH_MAX_FMT "%" xstr(PATH_MAX) "s"
++
+ /**
+ * SECTION:udisksmountmonitor
+ * @title: UDisksMountMonitor
+@@ -416,8 +421,8 @@ udisks_mount_monitor_get_mountinfo (UDisksMountMonitor *monitor,
+ guint mount_id;
+ guint parent_id;
+ guint major, minor;
+- gchar encoded_root[PATH_MAX];
+- gchar encoded_mount_point[PATH_MAX];
++ gchar encoded_root[PATH_MAX + 1];
++ gchar encoded_mount_point[PATH_MAX + 1];
+ gchar *mount_point;
+ dev_t dev;
+
+@@ -425,7 +430,7 @@ udisks_mount_monitor_get_mountinfo (UDisksMountMonitor *monitor,
+ continue;
+
+ if (sscanf (lines[n],
+- "%d %d %d:%d %s %s",
++ "%d %d %d:%d " PATH_MAX_FMT " " PATH_MAX_FMT,
+ &mount_id,
+ &parent_id,
+ &major,
+@@ -436,6 +441,8 @@ udisks_mount_monitor_get_mountinfo (UDisksMountMonitor *monitor,
+ udisks_warning ("Error parsing line '%s'", lines[n]);
+ continue;
+ }
++ encoded_root[sizeof encoded_root - 1] = '\0';
++ encoded_mount_point[sizeof encoded_mount_point - 1] = '\0';
+
+ /* Temporary work-around for btrfs, see
+ *
+@@ -450,15 +457,17 @@ udisks_mount_monitor_get_mountinfo (UDisksMountMonitor *monitor,
+ sep = strstr (lines[n], " - ");
+ if (sep != NULL)
+ {
+- gchar fstype[PATH_MAX];
+- gchar mount_source[PATH_MAX];
++ gchar fstype[PATH_MAX + 1];
++ gchar mount_source[PATH_MAX + 1];
+ struct stat statbuf;
+
+- if (sscanf (sep + 3, "%s %s", fstype, mount_source) != 2)
++ if (sscanf (sep + 3, PATH_MAX_FMT " " PATH_MAX_FMT, fstype, mount_source) != 2)
+ {
+ udisks_warning ("Error parsing things past - for '%s'", lines[n]);
+ continue;
+ }
++ fstype[sizeof fstype - 1] = '\0';
++ mount_source[sizeof mount_source - 1] = '\0';
+
+ if (g_strcmp0 (fstype, "btrfs") != 0)
+ continue;
+@@ -546,7 +555,7 @@ udisks_mount_monitor_get_swaps (UDisksMountMonitor *monitor,
+ lines = g_strsplit (contents, "\n", 0);
+ for (n = 0; lines[n] != NULL; n++)
+ {
+- gchar filename[PATH_MAX];
++ gchar filename[PATH_MAX + 1];
+ struct stat statbuf;
+ dev_t dev;
+
+@@ -557,11 +566,12 @@ udisks_mount_monitor_get_swaps (UDisksMountMonitor *monitor,
+ if (strlen (lines[n]) == 0)
+ continue;
+
+- if (sscanf (lines[n], "%s", filename) != 1)
++ if (sscanf (lines[n], PATH_MAX_FMT, filename) != 1)
+ {
+ udisks_warning ("Error parsing line '%s'", lines[n]);
+ continue;
+ }
++ filename[sizeof filename - 1] = '\0';
+
+ if (stat (filename, &statbuf) != 0)
+ {
+--
+cgit v0.9.0.2-2-gbebe
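Review bot: A field that is longer than PATH_MAX is still treated as a successful parse, because the width-limited conversions built from `PATH_MAX_FMT` stop after PATH_MAX characters while sscanf still returns the expected count. In udisks_mount_monitor_get_mountinfo the tail of an over-long root would be read as `encoded_mount_point`, and in udisks_mount_monitor_get_swaps the truncated `filename` goes straight to `stat`, so a partly user-controlled path can end up attributed to the wrong location instead of being skipped. Rejecting any field that filled its width would close this, for example `if (strlen (encoded_root) == PATH_MAX || strlen (encoded_mount_point) == PATH_MAX) continue;` after the first sscanf, with the same test on `fstype`/`mount_source` and on `filename`. The added `x[sizeof x - 1] = '\0'` stores are redundant since sscanf always terminates `%s` output, and the macro comment should say `/* requires PATH_MAX to expand to a bare decimal literal */`, since any other expansion would yield an invalid conversion specification. Both functions begin and end outside the embedded hunks, so how the parsed values are used afterwards is inferred.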