From b399a206fd1a0c1d525ffa6cf844389ac3a7adaf Mon Sep 17 00:00:00 2001 From: Sven Hoexter Date: Tue, 31 Oct 2023 13:26:11 +0100 Subject: [PATCH] CVE-2023-45897 Add debian/patches/CVE-2023-45897-out-of-bounds-memory-access to fix three out-of-bounds issues. --- debian/changelog | 7 ++ ...CVE-2023-45897-out-of-bounds-memory-access | 67 +++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 75 insertions(+) create mode 100644 debian/patches/CVE-2023-45897-out-of-bounds-memory-access create mode 100644 debian/patches/series diff --git a/debian/changelog b/debian/changelog index 4824b1f..5507bdf 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +exfatprogs (1.2.0-1+deb12u1) UNRELEASED; urgency=medium + + * CVE-2023-45897 Add debian/patches/CVE-2023-45897-out-of-bounds-memory-access + to fix three out-of-bounds issues. + + -- Sven Hoexter Tue, 31 Oct 2023 19:43:18 +0100 + exfatprogs (1.2.0-1) unstable; urgency=medium * New upstream release. diff --git a/debian/patches/CVE-2023-45897-out-of-bounds-memory-access b/debian/patches/CVE-2023-45897-out-of-bounds-memory-access new file mode 100644 index 0000000..85a296f --- /dev/null +++ b/debian/patches/CVE-2023-45897-out-of-bounds-memory-access @@ -0,0 +1,67 @@ +Description: CVE-2023-45897 out-of-bounds memory access +Origin: https://github.com/exfatprogs/exfatprogs/commit/ec78688e5fb5a70e13df82b4c0da1e6228d3ccdf + https://github.com/exfatprogs/exfatprogs/commit/22d0e43e8d24119cbfc6efafabb0dec6517a86c4 + https://github.com/exfatprogs/exfatprogs/commit/4abc55e976573991e6a1117bb2b3711e59da07ae +Last-Update: 2023-10-31 +Index: exfatprogs/exfat2img/exfat2img.c +=================================================================== +--- exfatprogs.orig/exfat2img/exfat2img.c ++++ exfatprogs/exfat2img/exfat2img.c +@@ -319,7 +319,7 @@ static int read_file_dentry_set(struct e + if (!node) + return -ENOMEM; + +- for (i = 2; i <= file_de->file_num_ext; i++) { ++ for (i = 2; i <= MIN(file_de->file_num_ext, 1 + MAX_NAME_DENTRIES); i++) { + ret = exfat_de_iter_get(iter, i, &dentry); + if (ret || dentry->type != EXFAT_NAME) + break; +Index: exfatprogs/fsck/fsck.c +=================================================================== +--- exfatprogs.orig/fsck/fsck.c ++++ exfatprogs/fsck/fsck.c +@@ -769,7 +769,7 @@ ask_again: + char *rename = NULL; + __u16 hash; + struct exfat_dentry *stream_de; +- int name_len, ret; ++ int ret; + + switch (num) { + case 1: +@@ -798,11 +798,11 @@ ask_again: + if (ret < 0) + return ret; + ++ ret >>=1; + memcpy(dentry->name_unicode, utf16_name, ENTRY_NAME_MAX * 2); +- name_len = exfat_utf16_len(utf16_name, ENTRY_NAME_MAX * 2); +- hash = exfat_calc_name_hash(iter->exfat, utf16_name, (int)name_len); ++ hash = exfat_calc_name_hash(iter->exfat, utf16_name, ret); + exfat_de_iter_get_dirty(iter, 1, &stream_de); +- stream_de->stream_name_len = (__u8)name_len; ++ stream_de->stream_name_len = (__u8)ret; + stream_de->stream_name_hash = cpu_to_le16(hash); + } + +@@ -856,7 +856,7 @@ static int read_file_dentry_set(struct e + if (!node) + return -ENOMEM; + +- for (i = 2; i <= file_de->file_num_ext; i++) { ++ for (i = 2; i <= MIN(file_de->file_num_ext, 1 + MAX_NAME_DENTRIES); i++) { + ret = exfat_de_iter_get(iter, i, &dentry); + if (ret || dentry->type != EXFAT_NAME) { + if (i > 2 && repair_file_ask(iter, NULL, ER_DE_NAME, +Index: exfatprogs/include/exfat_ondisk.h +=================================================================== +--- exfatprogs.orig/include/exfat_ondisk.h ++++ exfatprogs/include/exfat_ondisk.h +@@ -40,6 +40,7 @@ + /* exFAT allows 8388608(256MB) directory entries */ + #define MAX_EXFAT_DENTRIES 8388608 + #define MIN_FILE_DENTRIES 3 ++#define MAX_NAME_DENTRIES 17 + + /* dentry types */ + #define MSDOS_DELETED 0xE5 /* deleted mark */ diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..4449077 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1 @@ +CVE-2023-45897-out-of-bounds-memory-access -- 2.39.5