GNU bug report logs - #35107
[PATCH] gnu: ntfs-3g: Fix CVE-2019-9755.

Previous Next

Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Tue, 2 Apr 2019 18:53:01 UTC

Severity: normal

Tags: patch

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 35107 in the body.
You can then email your comments to 35107 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to guix-patches <at> gnu.org:
bug#35107; Package guix-patches. (Tue, 02 Apr 2019 18:53:01 GMT) Full text and rfc822 format available.
Acknowledgement sent to Leo Famulari <leo <at> famulari.name>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Tue, 02 Apr 2019 18:53:01 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: guix-patches <at> gnu.org
Subject: [PATCH] gnu: ntfs-3g: Fix CVE-2019-9755.
Date: Tue,  2 Apr 2019 14:52:34 -0400

* gnu/packages/patches/ntfs-3g-CVE-2019-9755.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/linux.scm (ntfs-3g)[source]: Use it.
---
 gnu/local.mk                                  |  1 +
 gnu/packages/linux.scm                        |  1 +
 .../patches/ntfs-3g-CVE-2019-9755.patch       | 72 +++++++++++++++++++
 3 files changed, 74 insertions(+)
 create mode 100644 gnu/packages/patches/ntfs-3g-CVE-2019-9755.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 45598d4e14..a8f162b333 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1085,6 +1085,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/ngircd-handle-zombies.patch		\
   %D%/packages/patches/nss-increase-test-timeout.patch		\
   %D%/packages/patches/nss-pkgconfig.patch			\
+  %D%/packages/patches/ntfs-3g-CVE-2019-9755.patch		\
   %D%/packages/patches/nvi-assume-preserve-path.patch		\
   %D%/packages/patches/nvi-dbpagesize-binpower.patch		\
   %D%/packages/patches/nvi-db4.patch				\
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 9e4261eb02..0763b75c98 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -3624,6 +3624,7 @@ from userspace.")
               (method url-fetch)
               (uri (string-append "https://tuxera.com/opensource/"
                                   "ntfs-3g_ntfsprogs-" version ".tgz"))
+              (patches (search-patches "ntfs-3g-CVE-2019-9755.patch"))
               (sha256
                (base32
                 "1mb228p80hv97pgk3myyvgp975r9mxq56c6bdn1n24kngcfh4niy"))
diff --git a/gnu/packages/patches/ntfs-3g-CVE-2019-9755.patch b/gnu/packages/patches/ntfs-3g-CVE-2019-9755.patch
new file mode 100644
index 0000000000..a7794aed47
--- /dev/null
+++ b/gnu/packages/patches/ntfs-3g-CVE-2019-9755.patch
@@ -0,0 +1,72 @@
+Fix CVE-2019-9755:
+
+https://security-tracker.debian.org/tracker/CVE-2019-9755
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9755
+
+Patch copied from upstream source repository:
+
+https://sourceforge.net/p/ntfs-3g/ntfs-3g/ci/85c1634a26faa572d3c558d4cf8aaaca5202d4e9/
+
+From 85c1634a26faa572d3c558d4cf8aaaca5202d4e9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre <at> wanadoo.fr>
+Date: Wed, 19 Dec 2018 15:57:50 +0100
+Subject: [PATCH] Fixed reporting an error when failed to build the mountpoint
+
+The size check was inefficient because getcwd() uses an unsigned int
+argument.
+---
+ src/lowntfs-3g.c | 6 +++++-
+ src/ntfs-3g.c    | 6 +++++-
+ 2 files changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/src/lowntfs-3g.c b/src/lowntfs-3g.c
+index 993867fa..0660439b 100644
+--- a/src/lowntfs-3g.c
++++ b/src/lowntfs-3g.c
+@@ -4411,7 +4411,8 @@ int main(int argc, char *argv[])
+ 	else {
+ 		ctx->abs_mnt_point = (char*)ntfs_malloc(PATH_MAX);
+ 		if (ctx->abs_mnt_point) {
+-			if (getcwd(ctx->abs_mnt_point,
++			if ((strlen(opts.mnt_point) < PATH_MAX)
++			    && getcwd(ctx->abs_mnt_point,
+ 				     PATH_MAX - strlen(opts.mnt_point) - 1)) {
+ 				strcat(ctx->abs_mnt_point, "/");
+ 				strcat(ctx->abs_mnt_point, opts.mnt_point);
+@@ -4419,6 +4420,9 @@ int main(int argc, char *argv[])
+ 			/* Solaris also wants the absolute mount point */
+ 				opts.mnt_point = ctx->abs_mnt_point;
+ #endif /* defined(__sun) && defined (__SVR4) */
++			} else {
++				free(ctx->abs_mnt_point);
++				ctx->abs_mnt_point = (char*)NULL;
+ 			}
+ 		}
+ 	}
+diff --git a/src/ntfs-3g.c b/src/ntfs-3g.c
+index 6ce89fef..4e0912ae 100644
+--- a/src/ntfs-3g.c
++++ b/src/ntfs-3g.c
+@@ -4148,7 +4148,8 @@ int main(int argc, char *argv[])
+ 	else {
+ 		ctx->abs_mnt_point = (char*)ntfs_malloc(PATH_MAX);
+ 		if (ctx->abs_mnt_point) {
+-			if (getcwd(ctx->abs_mnt_point,
++			if ((strlen(opts.mnt_point) < PATH_MAX)
++			    && getcwd(ctx->abs_mnt_point,
+ 				     PATH_MAX - strlen(opts.mnt_point) - 1)) {
+ 				strcat(ctx->abs_mnt_point, "/");
+ 				strcat(ctx->abs_mnt_point, opts.mnt_point);
+@@ -4156,6 +4157,9 @@ int main(int argc, char *argv[])
+ 			/* Solaris also wants the absolute mount point */
+ 				opts.mnt_point = ctx->abs_mnt_point;
+ #endif /* defined(__sun) && defined (__SVR4) */
++			} else {
++				free(ctx->abs_mnt_point);
++				ctx->abs_mnt_point = (char*)NULL;
+ 			}
+ 		}
+ 	}
+-- 
+2.21.0
+
-- 
2.21.0
Information forwarded to guix-patches <at> gnu.org:
bug#35107; Package guix-patches. (Wed, 03 Apr 2019 20:19:02 GMT) Full text and rfc822 format available.

Message #8 received at 35107 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Leo Famulari <leo <at> famulari.name>
Cc: 35107 <at> debbugs.gnu.org
Subject: Re: [bug#35107] [PATCH] gnu: ntfs-3g: Fix CVE-2019-9755.
Date: Wed, 03 Apr 2019 22:18:08 +0200

Hi Leo,

Leo Famulari <leo <at> famulari.name> skribis:

> * gnu/packages/patches/ntfs-3g-CVE-2019-9755.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/linux.scm (ntfs-3g)[source]: Use it.

LGTM, thanks!

> +Subject: [PATCH] Fixed reporting an error when failed to build the mountpoint
> +
> +The size check was inefficient because getcwd() uses an unsigned int
> +argument.

Looks like we’re gonna keep seeing these for the rest of our lives…

Ludo’.
Reply sent to Leo Famulari <leo <at> famulari.name>:
You have taken responsibility. (Wed, 03 Apr 2019 22:33:03 GMT) Full text and rfc822 format available.
Notification sent to Leo Famulari <leo <at> famulari.name>:
bug acknowledged by developer. (Wed, 03 Apr 2019 22:33:03 GMT) Full text and rfc822 format available.

Message #13 received at 35107-done <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 35107-done <at> debbugs.gnu.org
Subject: Re: [bug#35107] [PATCH] gnu: ntfs-3g: Fix CVE-2019-9755.
Date: Wed, 3 Apr 2019 18:32:47 -0400

[Message part 1 (text/plain, inline)]
On Wed, Apr 03, 2019 at 10:18:08PM +0200, Ludovic Courtès wrote:
> Leo Famulari <leo <at> famulari.name> skribis:
> > +Subject: [PATCH] Fixed reporting an error when failed to build the mountpoint
> > +
> > +The size check was inefficient because getcwd() uses an unsigned int
> > +argument.
> 
> Looks like we’re gonna keep seeing these for the rest of our lives…

The golden oldies...

Pushed as 6d01a7f4c45716e72bab1231c4cb8c07e4e3fbd7

[signature.asc (application/pgp-signature, inline)]
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Thu, 02 May 2019 11:24:05 GMT) Full text and rfc822 format available.
This bug report was last modified 4 years and 354 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.