From: Omkar Patil <[email protected]> Fixed CVE's: CVE-2022-30785 CVE-2022-30787
Signed-off-by: Omkar Patil <[email protected]> Signed-off-by: Ranjitsinh Rathod <[email protected]> --- .../CVE-2022-30785_30787.patch | 32 +++++++++++++++++++ .../ntfs-3g-ntfsprogs_2021.8.22.bb | 1 + 2 files changed, 33 insertions(+) create mode 100644 meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30785_30787.patch diff --git a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30785_30787.patch b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30785_30787.patch new file mode 100644 index 000000000..ae71e8ccf --- /dev/null +++ b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30785_30787.patch @@ -0,0 +1,32 @@ +From fb28eef6f1c26170566187c1ab7dc913a13ea43c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <[email protected]> +Date: Tue, 10 May 2022 10:48:18 +0200 +Subject: [PATCH] Hardened the checking of directory offset requested by a + readdir + +When asked for the next directory entries, make sure the chunk offset +is within valid values, otherwise return no more entries in chunk. + +CVE: CVE-2022-30785 +CVE: CVE-2022-30787 +Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/n/ntfs-3g/ntfs-3g_2021.8.22-3ubuntu1.1.debian.tar.xz] +Comment: No change in any hunk +Signed-off-by: Omkar Patil <[email protected]> + +--- + libfuse-lite/fuse.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libfuse-lite/fuse.c b/libfuse-lite/fuse.c +index 6f9242b7..3d653e63 100644 +--- a/libfuse-lite/fuse.c ++++ b/libfuse-lite/fuse.c +@@ -2223,7 +2223,7 @@ static void fuse_lib_readdir(fuse_req_t req, fuse_ino_t ino, size_t size, + } + } + if (dh->filled) { +- if (off < dh->len) { ++ if ((off >= 0) && (off < dh->len)) { + if (off + size > dh->len) + size = dh->len - off; + } else diff --git a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb index 9e233e127..ea8607e6d 100644 --- a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb +++ b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb @@ -11,6 +11,7 @@ SRC_URI = "http://tuxera.com/opensource/ntfs-3g_ntfsprogs-${PV}.tgz \ file://CVE-2021-46790.patch \ file://CVE-2022-30783.patch \ file://CVE-2022-30784.patch \ + file://CVE-2022-30785_30787.patch \ " S = "${WORKDIR}/ntfs-3g_ntfsprogs-${PV}" -- 2.17.1 This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#97656): https://lists.openembedded.org/g/openembedded-devel/message/97656 Mute This Topic: https://lists.openembedded.org/mt/92104303/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
