Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / e2fsprogs / ee01079a17bfecd17292ccd60058056fb3a8ba6c
commitee01079a17bfecd17292ccd60058056fb3a8ba6c[log] [tgz]
authorTheodore Ts'o <tytso@mit.edu>Fri Nov 09 19:01:06 2007 -0500
committerTheodore Ts'o <tytso@mit.edu>Wed Dec 05 21:01:35 2007 -0500
tree9968e184b908372bc30667820cfcd5a16adbb7f5
parent7ce238977a4bc9c5965617d76848477abad0f76a [diff]
libext2fs: Add checks to prevent integer overflows passed to malloc()

This addresses a potential security vulnerability where an untrusted
filesystem can be corrupted in such a way that a program using
libext2fs will allocate a buffer which is far too small.  This can
lead to either a crash or potentially a heap-based buffer overflow
crash.  No known exploits exist, but main concern is where an
untrusted user who possesses privileged access in a guest Xen
environment could corrupt a filesystem which is then accessed by the
pygrub program, running as root in the dom0 host environment, thus
allowing the untrusted user to gain privileged access in the host OS.

Thanks to the McAfee AVERT Research group for reporting this issue.

Addresses CVE-2007-5497.

Signed-off-by: Rafal Wojtczuk <rafal_wojtczuk@mcafee.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
17 files changed
tree: 9968e184b908372bc30667820cfcd5a16adbb7f5
  1. config/
  2. contrib/
  3. debian/
  4. debugfs/
  5. doc/
  6. e2fsck/
  7. ext2ed/
  8. include/
  9. install-utils/
  10. intl/
  11. lib/
  12. misc/
  13. po/
  14. resize/
  15. tests/
  16. util/
  17. .gitignore
  18. .hgignore
  19. .hgtags
  20. .missing-copyright
  21. .release-checklist
  22. ABOUT-NLS
  23. aclocal.m4
  24. configure
  25. configure.in
  26. COPYING
  27. depfix.sed
  28. e2fsprogs.lsm
  29. e2fsprogs.spec.in
  30. INSTALL
  31. INSTALL.elfbin
  32. Makefile.in
  33. MCONFIG.in
  34. README
  35. README.subset
  36. RELEASE-NOTES
  37. SHLIBS
  38. SUBMITTING-PATCHES
  39. TODO
  40. version.h
  41. wordwrap.pl