From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([209.51.188.92]:43333) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hBOWt-0000Tj-En for guix-patches@gnu.org; Tue, 02 Apr 2019 14:53:04 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hBOWs-0003Bt-32 for guix-patches@gnu.org; Tue, 02 Apr 2019 14:53:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:56394) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hBOWr-0003Bo-UL for guix-patches@gnu.org; Tue, 02 Apr 2019 14:53:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1hBOWr-0002IZ-QC for guix-patches@gnu.org; Tue, 02 Apr 2019 14:53:01 -0400 Subject: [bug#35107] [PATCH] gnu: ntfs-3g: Fix CVE-2019-9755. Resent-Message-ID: Received: from eggs.gnu.org ([209.51.188.92]:43218) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hBOWY-0000KA-Gd for guix-patches@gnu.org; Tue, 02 Apr 2019 14:52:43 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hBOWX-0002gR-6Q for guix-patches@gnu.org; Tue, 02 Apr 2019 14:52:42 -0400 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:49117) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hBOWW-0002e0-TT for guix-patches@gnu.org; Tue, 02 Apr 2019 14:52:41 -0400 Received: from jasmine.lan (pool-71-105-200-72.nycmny.fios.verizon.net [71.105.200.72]) by mail.messagingengine.com (Postfix) with ESMTPA id 6D08B1030F for ; Tue, 2 Apr 2019 14:52:38 -0400 (EDT) From: Leo Famulari Date: Tue, 2 Apr 2019 14:52:34 -0400 Message-Id: <3140c130c5567b91dd2a9a8f28b279096933d39c.1554231154.git.leo@famulari.name> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: 35107@debbugs.gnu.org * gnu/packages/patches/ntfs-3g-CVE-2019-9755.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/linux.scm (ntfs-3g)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/linux.scm | 1 + .../patches/ntfs-3g-CVE-2019-9755.patch | 72 +++++++++++++++++++ 3 files changed, 74 insertions(+) create mode 100644 gnu/packages/patches/ntfs-3g-CVE-2019-9755.patch diff --git a/gnu/local.mk b/gnu/local.mk index 45598d4e14..a8f162b333 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1085,6 +1085,7 @@ dist_patch_DATA = \ %D%/packages/patches/ngircd-handle-zombies.patch \ %D%/packages/patches/nss-increase-test-timeout.patch \ %D%/packages/patches/nss-pkgconfig.patch \ + %D%/packages/patches/ntfs-3g-CVE-2019-9755.patch \ %D%/packages/patches/nvi-assume-preserve-path.patch \ %D%/packages/patches/nvi-dbpagesize-binpower.patch \ %D%/packages/patches/nvi-db4.patch \ diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 9e4261eb02..0763b75c98 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -3624,6 +3624,7 @@ from userspace.") (method url-fetch) (uri (string-append "https://tuxera.com/opensource/" "ntfs-3g_ntfsprogs-" version ".tgz")) + (patches (search-patches "ntfs-3g-CVE-2019-9755.patch")) (sha256 (base32 "1mb228p80hv97pgk3myyvgp975r9mxq56c6bdn1n24kngcfh4niy")) diff --git a/gnu/packages/patches/ntfs-3g-CVE-2019-9755.patch b/gnu/packages/patches/ntfs-3g-CVE-2019-9755.patch new file mode 100644 index 0000000000..a7794aed47 --- /dev/null +++ b/gnu/packages/patches/ntfs-3g-CVE-2019-9755.patch @@ -0,0 +1,72 @@ +Fix CVE-2019-9755: + +https://security-tracker.debian.org/tracker/CVE-2019-9755 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9755 + +Patch copied from upstream source repository: + +https://sourceforge.net/p/ntfs-3g/ntfs-3g/ci/85c1634a26faa572d3c558d4cf8aaaca5202d4e9/ + +From 85c1634a26faa572d3c558d4cf8aaaca5202d4e9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= +Date: Wed, 19 Dec 2018 15:57:50 +0100 +Subject: [PATCH] Fixed reporting an error when failed to build the mountpoint + +The size check was inefficient because getcwd() uses an unsigned int +argument. +--- + src/lowntfs-3g.c | 6 +++++- + src/ntfs-3g.c | 6 +++++- + 2 files changed, 10 insertions(+), 2 deletions(-) + +diff --git a/src/lowntfs-3g.c b/src/lowntfs-3g.c +index 993867fa..0660439b 100644 +--- a/src/lowntfs-3g.c ++++ b/src/lowntfs-3g.c +@@ -4411,7 +4411,8 @@ int main(int argc, char *argv[]) + else { + ctx->abs_mnt_point = (char*)ntfs_malloc(PATH_MAX); + if (ctx->abs_mnt_point) { +- if (getcwd(ctx->abs_mnt_point, ++ if ((strlen(opts.mnt_point) < PATH_MAX) ++ && getcwd(ctx->abs_mnt_point, + PATH_MAX - strlen(opts.mnt_point) - 1)) { + strcat(ctx->abs_mnt_point, "/"); + strcat(ctx->abs_mnt_point, opts.mnt_point); +@@ -4419,6 +4420,9 @@ int main(int argc, char *argv[]) + /* Solaris also wants the absolute mount point */ + opts.mnt_point = ctx->abs_mnt_point; + #endif /* defined(__sun) && defined (__SVR4) */ ++ } else { ++ free(ctx->abs_mnt_point); ++ ctx->abs_mnt_point = (char*)NULL; + } + } + } +diff --git a/src/ntfs-3g.c b/src/ntfs-3g.c +index 6ce89fef..4e0912ae 100644 +--- a/src/ntfs-3g.c ++++ b/src/ntfs-3g.c +@@ -4148,7 +4148,8 @@ int main(int argc, char *argv[]) + else { + ctx->abs_mnt_point = (char*)ntfs_malloc(PATH_MAX); + if (ctx->abs_mnt_point) { +- if (getcwd(ctx->abs_mnt_point, ++ if ((strlen(opts.mnt_point) < PATH_MAX) ++ && getcwd(ctx->abs_mnt_point, + PATH_MAX - strlen(opts.mnt_point) - 1)) { + strcat(ctx->abs_mnt_point, "/"); + strcat(ctx->abs_mnt_point, opts.mnt_point); +@@ -4156,6 +4157,9 @@ int main(int argc, char *argv[]) + /* Solaris also wants the absolute mount point */ + opts.mnt_point = ctx->abs_mnt_point; + #endif /* defined(__sun) && defined (__SVR4) */ ++ } else { ++ free(ctx->abs_mnt_point); ++ ctx->abs_mnt_point = (char*)NULL; + } + } + } +-- +2.21.0 + -- 2.21.0