summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBartłomiej Piotrowski <bpiotrowski@alpinelinux.org>2014-03-11 17:24:35 +0100
committerBartłomiej Piotrowski <bpiotrowski@alpinelinux.org>2014-03-11 17:27:07 +0100
commit2be93bcc8f6b6da8610f39e322749b00bbf1ca74 (patch)
tree907263e19d3ba93e47fe96e471edc0717ed15b37
parent5cd009b22069b1bbe1208d9d61721b906709fc6e (diff)
downloadaports-2be93bcc8f6b6da8610f39e322749b00bbf1ca74.tar.bz2
aports-2be93bcc8f6b6da8610f39e322749b00bbf1ca74.tar.xz
main/udisks: security fix for CVE-2014-0004
Diffstat
-rw-r--r--main/udisks/APKBUILD12
-rw-r--r--main/udisks/CVE-2014-0004.patch83
2 files changed, 93 insertions, 2 deletions
diff --git a/main/udisks/APKBUILD b/main/udisks/APKBUILD
index 7af031018..60a0b480c 100644
--- a/main/udisks/APKBUILD
+++ b/main/udisks/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=udisks
pkgver=1.0.4
-pkgrel=3
+pkgrel=4
pkgdesc="Disk Management Service"
url="http://www.freedesktop.org/wiki/Software/udisks"
arch="all"
@@ -15,6 +15,7 @@ install=
subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
source="http://hal.freedesktop.org/releases/$pkgname-$pkgver.tar.gz
udisks-uhelper.patch
+ CVE-2014-0004.patch
"
_builddir="$srcdir"/$pkgname-$pkgver
@@ -53,4 +54,11 @@ package() {
}
md5sums="86c63b2b5484f2060499a052b5b6256b udisks-1.0.4.tar.gz
-8d522b2bf6e63c981ece6120f93cc201 udisks-uhelper.patch"
+8d522b2bf6e63c981ece6120f93cc201 udisks-uhelper.patch
+55a027cbee416985f9998bd8fbd016d3 CVE-2014-0004.patch"
+sha256sums="854b89368733b9c3a577101b761ad5397ae75a05110c8698ac5b29de9a8bf8f5 udisks-1.0.4.tar.gz
+901ddac064e522e6eaa70c095a07e43bc1ce66246bdef775833a6adf29428253 udisks-uhelper.patch
+742b9b601a630943f536ce102a447dafbe4cfdfe288a08d467a09750ee1f41fe CVE-2014-0004.patch"
+sha512sums="8c9ac4e234cd7680ab1b024dfa9786ec127961c6bbcef352f7bac09972a39632b824587718177ed35bf036702d716bc893a8f71a374bf99de79342a46907a8ac udisks-1.0.4.tar.gz
+f96d9626d1361af5ff80bd9a57a5adac2d7a0a12b1f47c446a623fe64c4e58f0e6d591bbc2ad7ca619fee09706fe13e8692f86219f2cc3ef825f055f765af2ce udisks-uhelper.patch
+9fc10a89c5ee0e3a30439430425dc849e115f6651ca1cec3bf067b5f70a8785c81c99b2eb4f8e799bbb4e17fd2544fb42662bbda368bdb2d34286b708ec9c43a CVE-2014-0004.patch"
diff --git a/main/udisks/CVE-2014-0004.patch b/main/udisks/CVE-2014-0004.patch
new file mode 100644
index 000000000..37150a2c5
--- /dev/null
+++ b/main/udisks/CVE-2014-0004.patch
@@ -0,0 +1,83 @@
+From ebf61ed8471a45cf8bce7231de00cb1bbc140708 Mon Sep 17 00:00:00 2001
+From: Martin Pitt <martin.pitt@ubuntu.com>
+Date: Wed, 05 Mar 2014 13:07:44 +0000
+Subject: Fix buffer overflow in mount path parsing
+
+In the mount monitor we parse mount points from /proc/self/mountinfo. Ensure
+that we don't overflow the buffers on platforms where mount paths could be
+longer than PATH_MAX (unknown if that can actually happen), as at least the
+mount paths for hotpluggable devices are somewhat user-controlled.
+
+Thanks to Florian Weimer for discovering this bug, and to David Zeuthen
+for his initial patch!
+
+CVE-2014-0004
+---
+diff --git a/src/mount-monitor.c b/src/mount-monitor.c
+index d541deb..573a69c 100644
+--- a/src/mount-monitor.c
++++ b/src/mount-monitor.c
+@@ -39,6 +39,11 @@
+ #include "mount.h"
+ #include "private.h"
+
++/* build a %Ns format string macro with N == PATH_MAX */
++#define xstr(s) str(s)
++#define str(s) #s
++#define PATH_MAX_FMT "%" xstr(PATH_MAX) "s"
++
+ /*--------------------------------------------------------------------------------------------------------------*/
+
+ enum
+@@ -320,8 +325,8 @@ mount_monitor_ensure (MountMonitor *monitor)
+ guint mount_id;
+ guint parent_id;
+ guint major, minor;
+- gchar encoded_root[PATH_MAX];
+- gchar encoded_mount_point[PATH_MAX];
++ gchar encoded_root[PATH_MAX + 1];
++ gchar encoded_mount_point[PATH_MAX + 1];
+ gchar *mount_point;
+ dev_t dev;
+
+@@ -329,7 +334,7 @@ mount_monitor_ensure (MountMonitor *monitor)
+ continue;
+
+ if (sscanf (lines[n],
+- "%d %d %d:%d %s %s",
++ "%d %d %d:%d " PATH_MAX_FMT " " PATH_MAX_FMT,
+ &mount_id,
+ &parent_id,
+ &major,
+@@ -340,6 +345,8 @@ mount_monitor_ensure (MountMonitor *monitor)
+ g_warning ("Error parsing line '%s'", lines[n]);
+ continue;
+ }
++ encoded_root[sizeof encoded_root - 1] = '\0';
++ encoded_mount_point[sizeof encoded_mount_point - 1] = '\0';
+
+ /* ignore mounts where only a subtree of a filesystem is mounted */
+ if (g_strcmp0 (encoded_root, "/") != 0)
+@@ -358,15 +365,17 @@ mount_monitor_ensure (MountMonitor *monitor)
+ sep = strstr (lines[n], " - ");
+ if (sep != NULL)
+ {
+- gchar fstype[PATH_MAX];
+- gchar mount_source[PATH_MAX];
++ gchar fstype[PATH_MAX + 1];
++ gchar mount_source[PATH_MAX + 1];
+ struct stat statbuf;
+
+- if (sscanf (sep + 3, "%s %s", fstype, mount_source) != 2)
++ if (sscanf (sep + 3, PATH_MAX_FMT " " PATH_MAX_FMT, fstype, mount_source) != 2)
+ {
+ g_warning ("Error parsing things past - for '%s'", lines[n]);
+ continue;
+ }
++ fstype[sizeof fstype - 1] = '\0';
++ mount_source[sizeof mount_source - 1] = '\0';
+
+ if (g_strcmp0 (fstype, "btrfs") != 0)
+ continue;
+--
+cgit v0.9.0.2-2-gbebe
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-02 08:05:13 +0000