diff options
Diffstat (limited to 'poky/meta/recipes-devtools/erofs-utils/erofs-utils/CVE-2023-33552-2.patch')
-rw-r--r-- | poky/meta/recipes-devtools/erofs-utils/erofs-utils/CVE-2023-33552-2.patch | 97 |
1 files changed, 97 insertions, 0 deletions
diff --git a/poky/meta/recipes-devtools/erofs-utils/erofs-utils/CVE-2023-33552-2.patch b/poky/meta/recipes-devtools/erofs-utils/erofs-utils/CVE-2023-33552-2.patch new file mode 100644 index 0000000000..4d190363b9 --- /dev/null +++ b/poky/meta/recipes-devtools/erofs-utils/erofs-utils/CVE-2023-33552-2.patch @@ -0,0 +1,97 @@ +From 3a360e01058467573bd7239fa430d8dc5fbd60f4 Mon Sep 17 00:00:00 2001 +From: Yue Hu <huyue2@coolpad.com> +Date: Wed, 11 Jan 2023 09:49:27 +0800 +Subject: [PATCH 3/4] erofs-utils: fsck: cleanup erofs_verify_inode_data() + +Diretly call {z_}erofs_read_one_data() to avoid duplicated code. +Accordingly, fragment and partial-referenced plusters are also supported +after this change. + +Signed-off-by: Yue Hu <huyue2@coolpad.com> +Link: https://lore.kernel.org/r/115e61fc9c2d34cab6d3dd78383ac57c94a491fc.1673401718.git.huyue2@coolpad.com +Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com> + +CVE: CVE-2023-33552 +Upstream-Status: Backport [https://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs-utils.git/commit/?id=87430c69e1d542928c4519e8fabfd6348a741999] +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + fsck/main.c | 53 ++++++++++------------------------------------------- + 1 file changed, 10 insertions(+), 43 deletions(-) + +diff --git a/fsck/main.c b/fsck/main.c +index 2b6a6dd..92ef17a 100644 +--- a/fsck/main.c ++++ b/fsck/main.c +@@ -366,7 +366,6 @@ static int erofs_verify_inode_data(struct erofs_inode *inode, int outfd) + struct erofs_map_blocks map = { + .index = UINT_MAX, + }; +- struct erofs_map_dev mdev; + int ret = 0; + bool compressed; + erofs_off_t pos = 0; +@@ -427,51 +426,19 @@ static int erofs_verify_inode_data(struct erofs_inode *inode, int outfd) + BUG_ON(!raw); + } + +- mdev = (struct erofs_map_dev) { +- .m_deviceid = map.m_deviceid, +- .m_pa = map.m_pa, +- }; +- ret = erofs_map_dev(&sbi, &mdev); +- if (ret) { +- erofs_err("failed to map device of m_pa %" PRIu64 ", m_deviceid %u @ nid %llu: %d", +- map.m_pa, map.m_deviceid, inode->nid | 0ULL, +- ret); +- goto out; +- } +- +- if (compressed && map.m_llen > buffer_size) { +- buffer_size = map.m_llen; +- buffer = realloc(buffer, buffer_size); +- BUG_ON(!buffer); +- } +- +- ret = dev_read(mdev.m_deviceid, raw, mdev.m_pa, map.m_plen); +- if (ret < 0) { +- erofs_err("failed to read data of m_pa %" PRIu64 ", m_plen %" PRIu64 " @ nid %llu: %d", +- mdev.m_pa, map.m_plen, inode->nid | 0ULL, +- ret); +- goto out; +- } +- + if (compressed) { +- struct z_erofs_decompress_req rq = { +- .in = raw, +- .out = buffer, +- .decodedskip = 0, +- .inputsize = map.m_plen, +- .decodedlength = map.m_llen, +- .alg = map.m_algorithmformat, +- .partial_decoding = 0 +- }; +- +- ret = z_erofs_decompress(&rq); +- if (ret < 0) { +- erofs_err("failed to decompress data of m_pa %" PRIu64 ", m_plen %" PRIu64 " @ nid %llu: %s", +- mdev.m_pa, map.m_plen, +- inode->nid | 0ULL, strerror(-ret)); +- goto out; ++ if (map.m_llen > buffer_size) { ++ buffer_size = map.m_llen; ++ buffer = realloc(buffer, buffer_size); ++ BUG_ON(!buffer); + } ++ ret = z_erofs_read_one_data(inode, &map, raw, buffer, ++ 0, map.m_llen, false); ++ } else { ++ ret = erofs_read_one_data(&map, raw, 0, map.m_plen); + } ++ if (ret) ++ goto out; + + if (outfd >= 0 && write(outfd, compressed ? buffer : raw, + map.m_llen) < 0) { +-- +2.25.1 + |