From c2c2fb4e91ff79748cc575c78527031d160e2337 Mon Sep 17 00:00:00 2001
From: Sven Hoexter
Date: Thu, 29 Oct 2015 09:17:03 +0100
Subject: [PATCH] Add d/patches/check-sector-and-cluster-size. Fix for https://github.com/relan/exfat/issues/5 found and reported by The Fuzzing Project.
---
 debian/changelog | 3 ++
 debian/patches/check-sector-and-cluster-size | 48 ++++++++++++++++++++
 debian/patches/series | 1 +
 3 files changed, 52 insertions(+)
 create mode 100644 debian/patches/check-sector-and-cluster-size
 create mode 100644 debian/patches/series
diff --git a/debian/changelog b/debian/changelog
index 37145bf..300f2e9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,9 @@ exfat-utils (1.1.0-3) UNRELEASED; urgency=medium
 * Add quilt to build-deps.
 * Add --with quilt to dh invocation in d/rules.
+ * Add d/patches/check-sector-and-cluster-size. Fix for
+ https://github.com/relan/exfat/issues/5 found and reported by
+ The Fuzzing Project.
 -- Sven Hoexter Thu, 29 Oct 2015 09:03:18 +0100
diff --git a/debian/patches/check-sector-and-cluster-size b/debian/patches/check-sector-and-cluster-size
new file mode 100644
index 0000000..98280d1
--- /dev/null
+++ b/debian/patches/check-sector-and-cluster-size
@@ -0,0 +1,48 @@
+Patch for https://github.com/relan/exfat/issues/5
+See also:
+https://blog.fuzzing-project.org/25-Heap-overflow-and-endless-loop-in-exfatfsck-exfat-utils.html
+Index: exfat-utils/libexfat/mount.c
+===================================================================
+--- exfat-utils.orig/libexfat/mount.c
++++ exfat-utils/libexfat/mount.c
+@@ -208,6 +208,23 @@ int exfat_mount(struct exfat* ef, const
+ exfat_error("exFAT file system is not found");
+ return -EIO;
+ }
++ /* sector cannot be smaller than 512 bytes */
++ if (ef->sb->sector_bits < 9)
++ {
++ exfat_close(ef->dev);
++ exfat_error("too small sector size: 2^%hhd", ef->sb->sector_bits);
++ free(ef->sb);
++ return -EIO;
++ }
++ /* officially exFAT supports cluster size up to 32 MB */
++ if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25)
++ {
++ exfat_close(ef->dev);
++ exfat_error("too big cluster size: 2^(%hhd+%hhd)",
++ ef->sb->sector_bits, ef->sb->spc_bits);
++ free(ef->sb);
++ return -EIO;
++ }
+ ef->zero_cluster = malloc(CLUSTER_SIZE(*ef->sb));
+ if (ef->zero_cluster == NULL)
+ {
+@@ -242,16 +259,6 @@ int exfat_mount(struct exfat* ef, const
+ free(ef->sb);
+ return -EIO;
+ }
+- /* officially exFAT supports cluster size up to 32 MB */
+- if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25)
+- {
+- free(ef->zero_cluster);
+- exfat_close(ef->dev);
+- exfat_error("too big cluster size: 2^%d",
+- (int) ef->sb->sector_bits + (int) ef->sb->spc_bits);
+- free(ef->sb);
+- return -EIO;
+- }
+ if (le64_to_cpu(ef->sb->sector_count) * SECTOR_SIZE(*ef->sb) >
+ exfat_get_size(ef->dev))
+ {
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..64264cf
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+check-sector-and-cluster-size
--
2.39.5
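Review bot: The added `sector_bits < 9` check in the libexfat/mount.c patch sets a lower bound only, so with `spc_bits` at 0 the sum check that follows still accepts a sector shift as large as 25, while the exFAT specification limits the sector shift to 12. If later code sizes per-sector buffers from this field, a second guard such as `if (ef->sb->sector_bits > 12)` with the same close/free/`return -EIO` sequence would reject such images at mount time. Separately, both new messages print the fields with `%hhd`; if they are unsigned bytes (the `(int)` casts suggest a narrow type, but the declaration is not visible here), a crafted value above 127 is logged as a negative exponent, and `%hhu` would report it faithfully. exfat_mount's body starts and ends outside the hunk.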