This addresses a potential security vulnerability where an untrusted
filesystem can be corrupted in such a way that a program using
libext2fs will allocate a buffer which is far too small. This can
lead to either a crash or potentially a heap-based buffer overflow
crash. No known exploits exist, but the main concern is where an
untrusted user who possesses privileged access in a guest Xen
environment could corrupt a filesystem which is then accessed by the
pygrub program, running as root in the dom0 host environment, thus
allowing the untrusted user to gain privileged access in the host OS.
Thanks to the McAfee AVERT Research group for reporting this issue.
Addresses CVE-2007-5497.
Signed-off-by: Rafal Wojtczuk <rafal_wojtczuk@mcafee.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
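
Added illustration, not code from e2fsprogs or from this commit: the message above describes a buffer sized from on-disk values that ends up far too small. Assuming the cause is a size computation that wraps in 32 bits, the C below contrasts that pattern with a checked version; `struct img_hdr`, its fields and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical on-disk header: both fields come from the untrusted image. */
struct img_hdr {
    uint32_t entry_count;   /* number of table entries */
    uint32_t entry_size;    /* bytes per entry */
};

/* Unsafe pattern: the product is computed in 32 bits and can wrap, so the
 * result may be far smaller than the table the later code will fill. */
static uint32_t table_bytes_unchecked(const struct img_hdr *h)
{
    return h->entry_count * h->entry_size;
}

/* Hardened: reject zero fields, overflow, and tables larger than the image.
 * Returns 0 and stores the size on success, -1 on a corrupt header. */
static int table_bytes_checked(const struct img_hdr *h, uint64_t image_bytes,
                               size_t *out)
{
    uint64_t total;

    if (h->entry_count == 0 || h->entry_size == 0)
        return -1;
    total = (uint64_t)h->entry_count * h->entry_size; /* fits in 64 bits */
    if (total > image_bytes || total > SIZE_MAX)
        return -1;
    *out = (size_t)total;
    return 0;
}

/* Allocate only after validation; NULL means corrupt header or no memory. */
static void *alloc_table(const struct img_hdr *h, uint64_t image_bytes)
{
    size_t n;

    if (table_bytes_checked(h, image_bytes, &n) != 0)
        return NULL;
    return calloc(1, n);
}

int main(void)
{
    struct img_hdr bad = { 0x10000001u, 16u };  /* constructed corrupt header */
    printf("unchecked=%u checked=%p\n", (unsigned)table_bytes_unchecked(&bad),
           alloc_table(&bad, 1u << 20));
    return 0;
}
```
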
This was causing dumpe2fs to crash on the ARM platform when examining
the badblocks list.
Also reverts an incorrect fix made by changeset 38078f692c20
Addresses Debian Bug: #397044
non-empty bad block list. Resize2fs now discards any blocks on the
badblock list which are no longer part of the filesystem as the result
of a filesystem shrink. (Note: this means that shrinking and then
enlarging a filesystem is no longer a reversible operation;
information about bad blocks in the part of the filesystem
which is to be chopped off will be lost.)
tst_badblocks.c: Update test program to test ext2fs_read_bb_FILE2 and
ext2fs_write_FILE.
write_bb_file.c (ext2fs_write_bb_FILE): New function which writes out
bad blocks list to a file.
read_bb_file.c (ext2fs_read_bb_FILE2): Add new function which changes
the callback function to take two additional arguments; a private
blind pointer supplied by the caller, and pointer to a char *
containing a pointer to the invalid string.
badblocks.c (ext2fs_badblocks_equal): Add new function which returns
true if two badblocks lists are equal.
Makefile.in: Remove explicit link of -lc in the shared library. (It
shouldn't be necessary, and is harmful in some cases).
jump.funcs:
dll/jump.funcs: Add new jumptable entries for ext2fs_write_bb_FILE,
ext2fs_read_bb_FILE2, and ext2fs_badblocks_equal.
Makefile.in (tst_badblocks): Add freefs.o to the object list, since
ext2fs_badblocks_list_free was moved to freefs.c.
tst_badblocks.c: Use the newer badblocks API names. Add duplicate
blocks to the test inputs to test dealing with adding blocks which are
already in the badblocks list.
badblocks.c (ext2fs_badblocks_list_add): If appending to the end of
the list, use a shortcut O(1) operation instead of an O(n) operation.
(Idea suggested by David Beattie.)
freefs.c (ext2fs_free): Use ext2fs_badblocks_list_free() instead of
badblocks_list_free(), to save a procedure call.
pass2.c (e2fsck_pass2): Fix the progress accounting so that we get to
100%.
pass3.c (e2fsck_pass3): Change progress accounting to be consistent
with the other e2fsck passes.
e2fsck.c (e2fsck_run): At the end of each pass, call the progress
function with the pass number set to zero.
unix.c (e2fsck_update_progress): If the pass number is zero, ignore
the call, since that indicates that we just want to deallocate any
progress structures.
emptydir.c:
Commit partially done file.
ChangeLog, badblocks.c:
badblocks.c (ext2fs_badblocks_list_add): Use a bigger increment than
10 blocks when we need to expand the size of the badblocks list.
ext2fs.h, bitops.h: Add support for the Watcom C compiler to do inline
functions.
ext2fs.h, dosio.c: Use asm/types.h instead of linux/types.h to evade a
potential problem with glibc's header files trying to spike out
linux/types.h.
ext2fs.h (ext2fs_resize_mem): Change the function prototype to include
the old size of the memory, which is needed for some braindamaged
memory allocation systems that don't support realloc().
badblocks.c (ext2fs_badblocks_list_add):
bb_inode.c (clear_bad_block_proc):
dblist.c (ext2fs_add_dir_block):
icount.c (insert_icount_el):
irel_ma.c (ima_put):
rs_bitmap.c (ext2fs_resize_generic_bitmap): Update functions to pass
the old size of the memory to be resized to ext2fs_resize_mem().
ChangeLog, dirinfo.c:
dirinfo.c (e2fsck_add_dir_info): Update function to pass the old size
of the memory to be resized to ext2fs_resize_mem().
ChangeLog, extent.c, resize2fs.c:
resize2fs.c (adjust_superblock):
extent.c (ext2fs_add_extent_entry): Update functions to pass the old
size of the memory to be resized to ext2fs_resize_mem().
inode.c (ext2fs_open_inode_scan): Initialize the group variables
so that we don't need to call get_next_blockgroup() the first
time around. Saves a bit of time, and prevents us from
needing to assign -1 to current_group (which is an unsigned
value).
icount.c (insert_icount_el): Cast the estimated number of inodes
from a float to an ino_t.
alloc.c, alloc_tables.c, badblocks.c, bb_compat.c, bb_inode.c,
bitmaps.c, bitops.c, block.c, bmap.c, bmove.c, brel_ma.c,
check_desc.c, closefs.c, cmp_bitmaps.c, dblist.c,
dblist_dir.c, dir_iterate.c, dirblock.c, dupfs.c, expanddir.c,
ext2fs.h, fileio.c, freefs.c, get_pathname.c, getsize.c,
icount.c, initialize.c, inline.c, inode.c, irel_ma.c,
ismounted.c, link.c, lookup.c, mkdir.c, namei.c, native.c,
newdir.c, openfs.c, read_bb.c, read_bb_file.c, rs_bitmap.c,
rw_bitmaps.c, swapfs.c, test_io.c, tst_badblocks.c,
tst_getsize.c, tst_iscan.c, unix_io.c, unlink.c, valid_blk.c,
version.c: If EXT2_FLAT_INCLUDES is defined, then assume all
of the ext2-specific header files are in a flat directory.
block.c, bmove.c, dirblock.c, fileio.c: Explicitly cast
all assignments from void * to be compatible with C++.
closefs.c (ext2fs_flush): Add a call to io_channel_flush() to
make sure the contents of the disk are flushed to disk.
dblist.c (ext2fs_add_dir_block): Change new to be new_entry to
avoid C++ namespace clash.
bitmaps.c (ext2fs_copy_bitmap): Change new to be new_map to
avoid C++ namespace clash.
ext2fs.h, bb_inode.c, block.c, bmove.c, brel.h, brel_ma.c,
irel.h, irel_ma.c, dblist.c, dblist_dir.c, dir_iterate.c,
ext2fsP.h, expanddir.c, get_pathname.c, inode.c, link.c,
unlink.c: Change private to be priv_data (to avoid C++
namespace clash)
dblist.c (ext2fs_get_num_dirs): Make ext2fs_get_num_dirs more paranoid
about validating the directory counts from the block group
information.
all files: Don't include stdlib.h anymore; include it in ext2_fs.h,
since that file requires stdlib.h
ChangeLog, Makefile.in, dirinfo.c:
dirinfo.c (e2fsck_add_dir_info): Use ext2fs_get_num_dirs instead of
e2fsck_get_num_dirs, which has been removed.
Makefile.in (PROGS): Remove @EXTRA_PROGS@, since we don't want to
compile and install flushb.
ChangeLog, configure.in:
Remove @EXTRA_PROGS@, since we aren't using it in 2fsck/Makefile.in anymore
ChangeLog, Makefile.in:
Install debugfs in /sbin, instead of /usr/sbin.
libext2fs.texinfo:
Update version string to be 1.12
Makefile.in:
Fix bug in find script which made the exclusion list, where a '-' was
missing from an -name option.
Added definition of ext2fs_get_mem, ext2fs_free_mem, and
ext2fs_resize_mem in ext2fs.h, and changed all library routines to use
these wrapper functions.
alloc.c (ext2fs_alloc_block): New function which allocates a
block and updates the filesystem accounting records
appropriately.
ext2_err.et.in: Added new error codes: EXT2_NO_MEMORY,
EXT2_INVALID_ARGUMENT, EXT2_BLOCK_ALLOC_FAIL, EXT2_INODE_ALLOC_FAIL,
EXT2_NOT_DIRECTORY
Change various library files to use these functions instead of EINVAL,
ENOENT, etc.
ChangeLog, pass1.c, pass3.c:
pass3.c (get_lost_and_found): Check error return of
EXT2_FILE_NOT_FOUND instead of ENOTDIR
pass1.c (pass1_check_directory): Return EXT2_NO_DIRECTORY instead of
ENOTDIR
expect.icount:
Change expected error string to be "Invalid argument passed to ext2 library"
instead of just "Invalid argument"
block.c (ext2fs_block_iterate2): Use retval which is an errcode_t type.
bitmaps.c (make_bitmap): Use size_t instead of int where appropriate.
bb_inode.c (set_bad_block_proc): Add #pragma argsused for Turbo C.
alloc.c (ext2fs_new_inode): Use ino_t instead of int for the group number.
get_pathname.c: Use ino_t instead of int where appropriate.
ext2fs.h: Make the magic structure element be errcode_t instead of int.
alloc.c alloc_tables.c badblocks.c bb_compat.c bb_inode.c
bitmaps.c block.c bmove.c brel_ma.c check_desc.c closefs.c
cmp_bitmaps.c dblist.c dblist_dir.c dir_iterate.c dirblock.c
dupfs.c expanddir.c freefs.c get_pathname.c icount.c
initialize.c inline.c inode.c irel_ma.c link.c llseek.c
lookup.c mkdir.c namei.c newdir.c read_bb.c read_bb_file.c
rs_bitmap.c rw_bitmaps.c swapfs.c test_io.c tst_badblocks.c
tst_iscan.c unix_io.c unlink.c valid_blk.c version.c: Add an
#ifdef for HAVE_UNISTD_H
Pass the blocksize to the bad blocks command so that all of the
filesystem gets tested in the case where the blocksize is 2048 or 4096.
ChangeLog, badblocks.c:
Fix bug where ext2fs_badblocks_list_test would test the list (and
exceed array boundaries) if there were no bad blocks on the bad blocks
list. (Showed up when user tried: mke2fs -c -b 4096).