GNU bug report logs -
#35107
[PATCH] gnu: ntfs-3g: Fix CVE-2019-9755.
Previous Next
Reported by: Leo Famulari <leo <at> famulari.name>
Date: Tue, 2 Apr 2019 18:53:01 UTC
Severity: normal
Tags: patch
Done: Leo Famulari <leo <at> famulari.name>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 35107 in the body.
You can then email your comments to 35107 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org
:
bug#35107
; Package
guix-patches
.
(Tue, 02 Apr 2019 18:53:01 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Leo Famulari <leo <at> famulari.name>
:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org
.
(Tue, 02 Apr 2019 18:53:01 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/patches/ntfs-3g-CVE-2019-9755.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/linux.scm (ntfs-3g)[source]: Use it.
---
gnu/local.mk | 1 +
gnu/packages/linux.scm | 1 +
.../patches/ntfs-3g-CVE-2019-9755.patch | 72 +++++++++++++++++++
3 files changed, 74 insertions(+)
create mode 100644 gnu/packages/patches/ntfs-3g-CVE-2019-9755.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 45598d4e14..a8f162b333 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1085,6 +1085,7 @@ dist_patch_DATA = \
%D%/packages/patches/ngircd-handle-zombies.patch \
%D%/packages/patches/nss-increase-test-timeout.patch \
%D%/packages/patches/nss-pkgconfig.patch \
+ %D%/packages/patches/ntfs-3g-CVE-2019-9755.patch \
%D%/packages/patches/nvi-assume-preserve-path.patch \
%D%/packages/patches/nvi-dbpagesize-binpower.patch \
%D%/packages/patches/nvi-db4.patch \
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 9e4261eb02..0763b75c98 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -3624,6 +3624,7 @@ from userspace.")
(method url-fetch)
(uri (string-append "https://tuxera.com/opensource/"
"ntfs-3g_ntfsprogs-" version ".tgz"))
+ (patches (search-patches "ntfs-3g-CVE-2019-9755.patch"))
(sha256
(base32
"1mb228p80hv97pgk3myyvgp975r9mxq56c6bdn1n24kngcfh4niy"))
diff --git a/gnu/packages/patches/ntfs-3g-CVE-2019-9755.patch b/gnu/packages/patches/ntfs-3g-CVE-2019-9755.patch
new file mode 100644
index 0000000000..a7794aed47
--- /dev/null
+++ b/gnu/packages/patches/ntfs-3g-CVE-2019-9755.patch
@@ -0,0 +1,72 @@
+Fix CVE-2019-9755:
+
+https://security-tracker.debian.org/tracker/CVE-2019-9755
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9755
+
+Patch copied from upstream source repository:
+
+https://sourceforge.net/p/ntfs-3g/ntfs-3g/ci/85c1634a26faa572d3c558d4cf8aaaca5202d4e9/
+
+From 85c1634a26faa572d3c558d4cf8aaaca5202d4e9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre <at> wanadoo.fr>
+Date: Wed, 19 Dec 2018 15:57:50 +0100
+Subject: [PATCH] Fixed reporting an error when failed to build the mountpoint
+
+The size check was inefficient because getcwd() uses an unsigned int
+argument.
+---
+ src/lowntfs-3g.c | 6 +++++-
+ src/ntfs-3g.c | 6 +++++-
+ 2 files changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/src/lowntfs-3g.c b/src/lowntfs-3g.c
+index 993867fa..0660439b 100644
+--- a/src/lowntfs-3g.c
++++ b/src/lowntfs-3g.c
+@@ -4411,7 +4411,8 @@ int main(int argc, char *argv[])
+ else {
+ ctx->abs_mnt_point = (char*)ntfs_malloc(PATH_MAX);
+ if (ctx->abs_mnt_point) {
+- if (getcwd(ctx->abs_mnt_point,
++ if ((strlen(opts.mnt_point) < PATH_MAX)
++ && getcwd(ctx->abs_mnt_point,
+ PATH_MAX - strlen(opts.mnt_point) - 1)) {
+ strcat(ctx->abs_mnt_point, "/");
+ strcat(ctx->abs_mnt_point, opts.mnt_point);
+@@ -4419,6 +4420,9 @@ int main(int argc, char *argv[])
+ /* Solaris also wants the absolute mount point */
+ opts.mnt_point = ctx->abs_mnt_point;
+ #endif /* defined(__sun) && defined (__SVR4) */
++ } else {
++ free(ctx->abs_mnt_point);
++ ctx->abs_mnt_point = (char*)NULL;
+ }
+ }
+ }
+diff --git a/src/ntfs-3g.c b/src/ntfs-3g.c
+index 6ce89fef..4e0912ae 100644
+--- a/src/ntfs-3g.c
++++ b/src/ntfs-3g.c
+@@ -4148,7 +4148,8 @@ int main(int argc, char *argv[])
+ else {
+ ctx->abs_mnt_point = (char*)ntfs_malloc(PATH_MAX);
+ if (ctx->abs_mnt_point) {
+- if (getcwd(ctx->abs_mnt_point,
++ if ((strlen(opts.mnt_point) < PATH_MAX)
++ && getcwd(ctx->abs_mnt_point,
+ PATH_MAX - strlen(opts.mnt_point) - 1)) {
+ strcat(ctx->abs_mnt_point, "/");
+ strcat(ctx->abs_mnt_point, opts.mnt_point);
+@@ -4156,6 +4157,9 @@ int main(int argc, char *argv[])
+ /* Solaris also wants the absolute mount point */
+ opts.mnt_point = ctx->abs_mnt_point;
+ #endif /* defined(__sun) && defined (__SVR4) */
++ } else {
++ free(ctx->abs_mnt_point);
++ ctx->abs_mnt_point = (char*)NULL;
+ }
+ }
+ }
+--
+2.21.0
+
--
2.21.0
Information forwarded
to
guix-patches <at> gnu.org
:
bug#35107
; Package
guix-patches
.
(Wed, 03 Apr 2019 20:19:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 35107 <at> debbugs.gnu.org (full text, mbox):
Hi Leo,
Leo Famulari <leo <at> famulari.name> skribis:
> * gnu/packages/patches/ntfs-3g-CVE-2019-9755.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/linux.scm (ntfs-3g)[source]: Use it.
LGTM, thanks!
> +Subject: [PATCH] Fixed reporting an error when failed to build the mountpoint
> +
> +The size check was inefficient because getcwd() uses an unsigned int
> +argument.
Looks like we’re gonna keep seeing these for the rest of our lives…
Ludo’.
Reply sent
to
Leo Famulari <leo <at> famulari.name>
:
You have taken responsibility.
(Wed, 03 Apr 2019 22:33:03 GMT)
Full text and
rfc822 format available.
Notification sent
to
Leo Famulari <leo <at> famulari.name>
:
bug acknowledged by developer.
(Wed, 03 Apr 2019 22:33:03 GMT)
Full text and
rfc822 format available.
Message #13 received at 35107-done <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Wed, Apr 03, 2019 at 10:18:08PM +0200, Ludovic Courtès wrote:
> Leo Famulari <leo <at> famulari.name> skribis:
> > +Subject: [PATCH] Fixed reporting an error when failed to build the mountpoint
> > +
> > +The size check was inefficient because getcwd() uses an unsigned int
> > +argument.
>
> Looks like we’re gonna keep seeing these for the rest of our lives…
The golden oldies...
Pushed as 6d01a7f4c45716e72bab1231c4cb8c07e4e3fbd7
[signature.asc (application/pgp-signature, inline)]
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org
.
(Thu, 02 May 2019 11:24:05 GMT)
Full text and
rfc822 format available.
This bug report was last modified 4 years and 354 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.