public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed
From: "Sam James" <sam@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-fs/fuseiso/, sys-fs/fuseiso/files/
Date: Sun, 19 Jul 2020 19:08:50 +0000 (UTC)	[thread overview]
Message-ID: <1595185577.675031ceeb5731701376347641f857d3d00c8322.sam@gentoo> (raw)

commit:     675031ceeb5731701376347641f857d3d00c8322
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Jul 19 19:06:17 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Jul 19 19:06:17 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=675031ce

sys-fs/fuseiso: revbump for security patches

This fixes CVE-2015-8837 and another possible
vulnerability using patches from Debian.

Bug: https://bugs.gentoo.org/713328
Package-Manager: Portage-2.3.103, Repoman-2.3.23
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../files/fuseiso-20070708-CVE-2015-8837.patch     | 35 ++++++++++++++++++++++
 .../files/fuseiso-20070708-integer-overflow.patch  | 16 ++++++++++
 sys-fs/fuseiso/fuseiso-20070708-r3.ebuild          | 28 +++++++++++++++++
 3 files changed, 79 insertions(+)

diff --git a/sys-fs/fuseiso/files/fuseiso-20070708-CVE-2015-8837.patch b/sys-fs/fuseiso/files/fuseiso-20070708-CVE-2015-8837.patch
new file mode 100644
index 00000000000..1e760fd89f6
--- /dev/null
+++ b/sys-fs/fuseiso/files/fuseiso-20070708-CVE-2015-8837.patch
@@ -0,0 +1,35 @@
+Description: Prevent stack-based buffer overflow on too-long path names
+Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
+
+--- a/src/isofs.c
++++ b/src/isofs.c
+@@ -1532,13 +1532,23 @@
+             if(path[1] != '\0') { // not root dir
+                 strcat(absolute_entry, "/");
+             };
+-            strcat(absolute_entry, entry);
+-            if(g_hash_table_lookup(lookup_table, absolute_entry)) {
+-                // already in lookup cache
++
++            if(strlen(absolute_entry) + strlen(entry) <= PATH_MAX-1) {
++                strcat(absolute_entry, entry);
++                if(g_hash_table_lookup(lookup_table, absolute_entry)) {
++                    // already in lookup cache
++                    isofs_free_inode(inode);
++                } else {
++                    g_hash_table_insert(lookup_table, g_strdup(absolute_entry), inode);
++                };
++            }
++            else {
++                printf("readdir: absolute path name for entry '%s' exceeding PATH_MAX (%d)\n", entry, PATH_MAX);
+                 isofs_free_inode(inode);
+-            } else {
+-                g_hash_table_insert(lookup_table, g_strdup(absolute_entry), inode);
+-            };
++                free(buf);
++                free(entry);
++                return -EIO;
++            }
+             
+             free(entry);
+             

diff --git a/sys-fs/fuseiso/files/fuseiso-20070708-integer-overflow.patch b/sys-fs/fuseiso/files/fuseiso-20070708-integer-overflow.patch
new file mode 100644
index 00000000000..83c2c9451a6
--- /dev/null
+++ b/sys-fs/fuseiso/files/fuseiso-20070708-integer-overflow.patch
@@ -0,0 +1,16 @@
+Description: Prevent integer overflow in ZISO code
+Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
+
+--- a/src/isofs.c
++++ b/src/isofs.c
+@@ -1618,6 +1618,10 @@
+ };
+ 
+ static int isofs_real_read_zf(isofs_inode *inode, char *out_buf, size_t size, off_t offset) {
++    if( inode->zf_block_shift > 17 ) {
++        fprintf(stderr, "isofs_real_read_zf: can't handle ZF block size of 2^%d\n", inode->zf_block_shift);
++        return -EIO;
++    }
+     int zf_block_size = 1 << inode->zf_block_shift;
+     int zf_start = offset / zf_block_size;
+     int zf_end = (offset + size) / zf_block_size;

diff --git a/sys-fs/fuseiso/fuseiso-20070708-r3.ebuild b/sys-fs/fuseiso/fuseiso-20070708-r3.ebuild
new file mode 100644
index 00000000000..a49b359127b
--- /dev/null
+++ b/sys-fs/fuseiso/fuseiso-20070708-r3.ebuild
@@ -0,0 +1,28 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+DESCRIPTION="Fuse module to mount ISO9660"
+HOMEPAGE="https://sourceforge.net/projects/fuseiso"
+SRC_URI="http://superb-dca2.dl.sourceforge.net/project/${PN}/${PN}/${PV}/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~ppc64 ~x86"
+
+RDEPEND="sys-fs/fuse:0=
+	sys-libs/zlib
+	dev-libs/glib:2"
+
+DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+DOCS=( AUTHORS ChangeLog NEWS README )
+
+PATCHES=(
+	"${FILESDIR}/${P}-largeiso.patch"
+	"${FILESDIR}/${P}-fix-typo.patch"
+	"${FILESDIR}/${P}-CVE-2015-8837.patch"
+	"${FILESDIR}/${P}-integer-overflow.patch"
+)


                 reply	other threads:[~2020-07-19 19:09 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1595185577.675031ceeb5731701376347641f857d3d00c8322.sam@gentoo \
    --to=sam@gentoo.org \
    --cc=gentoo-commits@lists.gentoo.org \
    --cc=gentoo-dev@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox