This addresses a potential security vulnerability where an untrusted
filesystem can be corrupted in such a way that a program using
libext2fs will allocate a buffer which is far too small. This can
lead to either a crash or potentially a heap-based buffer overflow
crash. No known exploits exist, but main concern is where an
untrusted user who possesses privileged access in a guest Xen
environment could corrupt a filesystem which is then accessed by the
pygrub program, running as root in the dom0 host environment, thus
allowing the untrusted user to gain privileged access in the host OS.
Thanks to the McAfee AVERT Research group for reporting this issue.
Addresses CVE-2007-5497.
Signed-off-by: Rafal Wojtczuk <rafal_wojtczuk@mcafee.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
mapping for a particular inode.
Fixed a bug in the libext2 library which broke ext2fs_bmap if no inode structre
was passed inside for here.
Fixed bad calling parameters to parse_ulong which broken the -b and -s
options to debugfs, as well as do_init, and the testb, setb, clearb functions.
Makefile.in: Add message.c and swapfs.c to the list of source files to
build the make depend.
swapfs.c, unix.c: Only support the -s and -S options to e2fsck if
ENABLE_SWAPFS is defined.
Many files:
ext2fs.h, bitops.h, block.c, bmap.c, closefs.c, dirblock.c, inode.c,
native.c, openfs.c, rw_bitmaps.c, swapfs.c: Only include the
byte-swapping logic if ENABLE_SWAPFS is turned on or if we're on a
big-endian machine.
initialize.c (ext2fs_initialize):Use WORDS_BIGENDIAN directly to set
EXT2_FLAG_SWAP_BYTES, instead of using ext2fs_native_flag.
native.c (ext2fs_native_flag): Use WORDS_BIGENDIAN provided by
autoconf to determine whether or not return EXT2_FLAG_SWAP_BYTES.
alloc.c, bb_inode.c, bitmaps.c, bitops.h, block.c, bmap.c, bmove.c,
brel.h, cmp_bitmaps.c, dblist.c, dblist_dir.c, dir_iterate.c,
expanddir.c, ext2fs.h, ext2fsP.h, fileio.c, finddev.c, get_pathname.c,
icount.c, inode.c, irel.h, irel_ma.c, ismounted.c, link.c, lookup.c,
mkdir.c, mkjournal.c, namei.c, newdir.c, read_bb_file.c, test_io.c,
tst_iscan.c, unix_io.c, unlink.c: Change use of ino_t to ext2_ino_t,
to protect applications that attempt to compile
-D_FILE_OFFSET_BITS=64, since this inexplicably changes ino_t(!?). So
we use ext2_ino_t to avoid an unexpected ABI change.
debugfs.c (dump_inode): Remove #ifdef for i_version vs. i_generation
since we know it will always be i_generation now.
ChangeLog, e2fsck.h, flushb.c, scantest.c:
e2fsck.h, flushb.c, scantest.c: Remove uneeded include of linux/fs.h
bmap.c:
Fix silly spelling typo.
ChangeLog, getsize.c, ismounted.c, swapfs.c:
getsize.c, ismounted.c: Remove unneeded include of linux/fs.h
swapfs.c: Remove #ifdef HAVE_EXT2_INODE_VERSION since it's not needed
any more; we know it will always be i_generation. Add support for
swapping the high bits of the uid and gid.
rw_bitmaps.c: Fixed signed/unsigned warnings.
fileio.c (ext2fs_file_set_size): Remove unneeded extern from the
function declaration.
dblist.c (make_dblist): Add safety check in case the dblist pointer
passed in is null (in which case, assign it to fs->dblist). Fixed
some signed/unsigned warnings.
bmap.c: Make addr_per_block be of type blk_t to avoid signed/unsigned
warnings.
namei.c (ext2fs_follow_link): Remove uneeded extern from the function
declaration.
get_pathname.c (get_pathname_proc): Use return value from
ext2fs_get_mem, instead of checking if &gp->name is NULL.
dir_iterate.c (ext2fs_process_dir_block):
dblist_dir.c (ext2fs_dblist_dir_iterate): Remove uneeded extern from
the function declaration.
block.c (ext2fs_block_iterate2): If the read_inode call fails, return
the error directly instead of jumping to the cleanup routine, since we
don't need to do any cleanup.
alloc_table.c (ext2fs_allocate_group_table): Make this function take a
dgrp_t for its group argument.
ext2fs.h: Make dgrp_t an __u32 type, and make fs->desc_group_count be
of type dgrp_t.
ext2fs.h: If __STRICT_ANSI__ is defined and we're on a platform with
32 bit longs, then we need to manually define __s64 and __u64, since
the current kernel header files don't define these if __STRICT_ANSI__
is defined. This is a problem if we are compiling with full GCC
warnings, since we do need 64 bit support.
Makefile.in (OBJS): Remove bmove.o from files to be built, since we're
not using ext2fs_move_blocks() and there is some question as to its
usefulness in its current form.
bmap.c (block_bmap): Remove unused function.
bmove.c (process_block): Fix -Wall warning.
ChangeLog, debugfs.c, debugfs.h, dump.c:
debugfs.h: Add declaration for do_dirty_filsys() to prevent -Wall
warnings.
debugfs.c (copy_file):
dump.c (dump_file): Fix -Wall warning caused by signed/unsigned mismatch.
inode.c (ext2fs_open_inode_scan): Initialize the group variables
so that we don't need to call get_next_blockgroup() the first
time around. Saves a bit of time, and prevents us from
needing to assign -1 to current_group (which is an unsigned
value).
icount.c (insert_icount_el): Cast the estimated number of inodes
from a float to an ino_t.
alloc.c, alloc_tables.c, badlbocks.c, bb_compat.c, bb_inode.c,
bitmaps.c, bitops.c, block.c, bmap.c, bmove.c, brel_ma.c,
check_desc.c, closefs.c, cmp_bitmaps.c, dblist.c,
dblist_dir.c, dir_iterate.c, dirblock.c, dupfs.c, expanddir.c,
ext2fs.h, fileio.c, freefs.c, get_pathname.c, getsize.c,
icount.c, initialize.c, inline.c, inode.c, irel_ma.c,
ismounted.c, link.c, lookup.c, mkdir.c, namei.c, native.c,
newdir.c, openfs.c, read_bb.c, read_bb_file.c, rs_bitmap.c,
rw_bitmaps.c, swapfs.c, test_io.c, tst_badblocks.c,
tst_getsize.c, tst_iscan.c, unix_io.c, unlink.c, valid_blk.c,
version.c: If EXT2_FLAT_INCLUDES is defined, then assume all
of the ext2-specific header files are in a flat directory.
block.c, bmove.c, dirblock.c, fileio.c: Explicitly cast
all assignments from void * to be compatible with C++.
closefs.c (ext2fs_flush): Add a call to io_channel_flush() to
make sure the contents of the disk are flushed to disk.
dblist.c (ext2fs_add_dir_block): Change new to be new_entry to
avoid C++ namespace clash.
bitmaps.c (ext2fs_copy_bitmap): Change new to be new_map to
avoid C++ namespace clash.
ext2fs.h, bb_inode.c, block.c, bmove.c, brel.h, brel_ma.c,
irel.h, irel_ma.c, dblist.c, dblist_dir.c, dir_iterate.c,
ext2fsP.h, expanddir.c, get_pathname.c, inode.c, link.c,
unlink.c: Change private to be priv_data (to avoid C++
namespace clash)
dblist.c (ext2fs_get_num_dirs): Make ext2fs_get_num_dirs more paranoid
about validating the directory counts from the block group
information.
all files: Don't include stdlib.h anymore; include it in ext2_fs.h,
since that file requires stdlib.h
ChangeLog, Makefile.in, dirinfo.c:
dirinfo.c (e2fsck_add_dir_info): Use ext2fs_get_num_dirs instead of
e2fsck_get_num_dirs, which has been removed.
Makefile.in (PROGS): Remove @EXTRA_PROGS@, since we don't want to
compile and install flushb.
ChangeLog, configure.in:
Remove @EXTRA_PROGS@, since we aren't using it in 2fsck/Makefile.in anymore
ChangeLog, Makefile.in:
Install debugfs in /sbin, instead of /usr/sbin.
libext2fs.texinfo:
Update version string to be 1.12
Makefile.in:
Fix bug in find script which made the exclusion list, where a '-' was
missing from an -name option.
Added definition of ext2fs_get_mem, ext2fs_free_mem, and
ext2fs_resize_mem in ext2fs.h, and changed all library routines to use
these wrapper functions.
Fix buggy use of the INLINE macros.
ChangeLog, dblist.c, ext2_err.et.in, mkdir.c:
dblist.c, mkdir.c: use EXT2_DIR_EXISTS and EXT2_DB_NOT_FOUND instead
of the system error messages.
ext2_err.et.in: Added new error messages EXT2_DIR_EXISTS and
EXT2_DB_NOT_FOUND
ext2fs.h: Added function declarations and constants for bmap.c and
fileio.c.
ext2_err.et.in: Added new error messages EXT2_FILE_RO and
EXT2_ET_MAGIC_EXT2_FILE
Makefile.in: Added files bmap.c and fileio.c, and temporarily
commented out brel_ma.c and irel_ma.c
bmap.c: New file which maps a file's logical block number to its
physical block number.
fileio.c: New file which implements simple file reading and writing
primitives.
alloc.c (ext2fs_alloc_block): New function which allocates a block,
zeros it, and updates the filesystem accounting records appropriately.
Theodore Ts'o