Package: release.debian.org Severity: normal Tags: jessie User: release.debian....@packages.debian.org Usertags: pu
Hi, since exfat-utils and fuse-exfat share the same code base, but are released as seperate source packages, I've now prepared updates for fuse-exfat as well to fix the issues found by The Fuzzing Project. Changes: fuse-exfat (1.1.0-2+deb8u1) jessie; urgency=medium . * Add the fix for https://github.com/relan/exfat/issues/5 found and reported by The Fuzzing Project. Check sector and cluster size. * Add the fix for https://github.com/relan/exfat/issues/6 found and reported by The Fuzzing Project. Detect infinite loop. -- System Information: Debian Release: 8.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
diff -u fuse-exfat-1.1.0/debian/changelog fuse-exfat-1.1.0/debian/changelog --- fuse-exfat-1.1.0/debian/changelog +++ fuse-exfat-1.1.0/debian/changelog @@ -1,3 +1,12 @@ +fuse-exfat (1.1.0-2+deb8u1) jessie; urgency=medium + + * Add the fix for https://github.com/relan/exfat/issues/5 found + and reported by The Fuzzing Project. Check sector and cluster size. + * Add the fix for https://github.com/relan/exfat/issues/6 found + and reported by The Fuzzing Project. Detect infinite loop. + + -- Sven Hoexter <hoex...@debian.org> Fri, 06 Nov 2015 08:08:13 +0100 + fuse-exfat (1.1.0-2) unstable; urgency=low * Remove debian/watch - recent changes at Google code required diff -u fuse-exfat-1.1.0/debian/gbp.conf fuse-exfat-1.1.0/debian/gbp.conf --- fuse-exfat-1.1.0/debian/gbp.conf +++ fuse-exfat-1.1.0/debian/gbp.conf @@ -2,0 +3 @@ +debian-branch = jessie-updates only in patch2: unchanged: --- fuse-exfat-1.1.0.orig/libexfat/mount.c +++ fuse-exfat-1.1.0/libexfat/mount.c @@ -30,23 +30,32 @@ static uint64_t rootdir_size(const struct exfat* ef) { - uint64_t clusters = 0; + uint32_t clusters = 0; + uint32_t clusters_max = le32_to_cpu(ef->sb->cluster_count); cluster_t rootdir_cluster = le32_to_cpu(ef->sb->rootdir_cluster); - while (!CLUSTER_INVALID(rootdir_cluster)) + /* Iterate all clusters of the root directory to calculate its size. + It can't be contiguous because there is no flag to indicate this. */ + do { - clusters++; - /* root directory cannot be contiguous because there is no flag - to indicate this */ + if (clusters == clusters_max) /* infinite loop detected */ + { + exfat_error("root directory cannot occupy all %d clusters", + clusters); + return 0; + } + if (CLUSTER_INVALID(rootdir_cluster)) + { + exfat_error("bad cluster %#x while reading root directory", + rootdir_cluster); + return 0; + } rootdir_cluster = exfat_next_cluster(ef, ef->root, rootdir_cluster); + clusters++; } - if (rootdir_cluster != EXFAT_CLUSTER_END) - { - exfat_error("bad cluster %#x while reading root directory", - rootdir_cluster); - return 0; - } - return clusters * CLUSTER_SIZE(*ef->sb); + while (rootdir_cluster != EXFAT_CLUSTER_END); + + return (uint64_t) clusters * CLUSTER_SIZE(*ef->sb); } static const char* get_option(const char* options, const char* option_name) @@ -208,6 +217,23 @@ exfat_error("exFAT file system is not found"); return -EIO; } + /* sector cannot be smaller than 512 bytes */ + if (ef->sb->sector_bits < 9) + { + exfat_close(ef->dev); + exfat_error("too small sector size: 2^%hhd", ef->sb->sector_bits); + free(ef->sb); + return -EIO; + } + /* officially exFAT supports cluster size up to 32 MB */ + if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25) + { + exfat_close(ef->dev); + exfat_error("too big cluster size: 2^(%hhd+%hhd)", + ef->sb->sector_bits, ef->sb->spc_bits); + free(ef->sb); + return -EIO; + } ef->zero_cluster = malloc(CLUSTER_SIZE(*ef->sb)); if (ef->zero_cluster == NULL) { @@ -242,16 +268,6 @@ free(ef->sb); return -EIO; } - /* officially exFAT supports cluster size up to 32 MB */ - if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25) - { - free(ef->zero_cluster); - exfat_close(ef->dev); - exfat_error("too big cluster size: 2^%d", - (int) ef->sb->sector_bits + (int) ef->sb->spc_bits); - free(ef->sb); - return -EIO; - } if (le64_to_cpu(ef->sb->sector_count) * SECTOR_SIZE(*ef->sb) > exfat_get_size(ef->dev)) {