~ubuntu-branches/ubuntu/lucid/e2fsprogs/lucid-updates


Viewing changes to lib/ext2fs/closefs.c

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2015-02-16 13:48:39 UTC
  • mfrom: (40.1.1 lucid-proposed)
  • Revision ID: package-import@ubuntu.com-20150216134839-oa5u3hz7sp0zbboc
Tags: 1.41.11-1ubuntu2.3
* SECURITY UPDATE: heap overflow via block group descriptor information
  - limit first_meta_bg in lib/ext2fs/closefs.c, lib/ext2fs/openfs.c.
  - https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4
  - CVE-2015-0247
* SECURITY UPDATE: buffer overflow in closefs()
  - properly check against fs->desc_blocks in lib/ext2fs/closefs.c.
  - https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a
  - CVE-2015-1572

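--- a/lib/ext2fs/closefs.c
+++ b/lib/ext2fs/closefs.c
@@ -227,7 +227,7 @@
         dgrp_t          j;
 #endif
         char    *group_ptr;
-        int     old_desc_blocks;
+        blk64_t old_desc_blocks;
 
         EXT2_CHECK_MAGIC(fs, EXT2_ET_MAGIC_EXT2FS_FILSYS);
 
@@ -284,9 +284,11 @@
          * superblocks and group descriptors.
          */
         group_ptr = (char *) group_shadow;
-        if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG)
+        if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG) {
                 old_desc_blocks = fs->super->s_first_meta_bg;
-        else
+                if (old_desc_blocks > fs->desc_blocks)
+                        old_desc_blocks = fs->desc_blocks;
+        } else
                 old_desc_blocks = fs->desc_blocks;
 
         for (i = 0; i < fs->group_desc_count; i++) {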
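Review bot: The clamp added under the META_BG branch has no comment explaining why it is there, and the reason is not obvious from the code alone. `s_first_meta_bg` is read from the superblock, so a damaged or crafted image can present a value larger than `fs->desc_blocks`, which the commit description ties to the buffer overflow in closefs(). I would add `/* s_first_meta_bg is read from the superblock; clamp it to fs->desc_blocks */` above the inner `if`. As a style point, `} else` now pairs a braced if-body with an unbraced else-body; writing `} else {` with a closing `}` would make later edits to this branch less error-prone. The code that consumes `old_desc_blocks` starts after the visible lines and the function begins before them, so it is worth checking there that no other bound is still derived from the unclamped superblock field.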