2 files changed, 62 insertions, 3 deletions

diff --git a/sysutils/e2fsprogs/Makefile b/sysutils/e2fsprogs/Makefile
index 6f85bc76fa02..5a834231acce 100644
--- a/sysutils/e2fsprogs/Makefile
+++ b/sysutils/e2fsprogs/Makefile
@@ -3,7 +3,7 @@
 
 PORTNAME=	e2fsprogs
 PORTVERSION=	1.45.5
-PORTREVISION?=	3
+PORTREVISION?=	4
 CATEGORIES?=	sysutils
 MASTER_SITES=	KERNEL_ORG/linux/kernel/people/tytso/${PORTNAME}/v${PORTVERSION}
 
@@ -16,8 +16,6 @@ LICENSE_FILE?=	${WRKSRC}/NOTICE
 .endif
 LICENSE_DISTFILES_GPLv2+ =	${DISTNAME}${EXTRACT_SUFX}
 
-PORTSCOUT=	ignore	# cannot handle the version in the directory
-
 USES=		cpe gmake makeinfo pkgconfig tar:xz
 CPE_VENDOR=	e2fsprogs_project
 USE_CSTD=	gnu99
@@ -47,6 +45,8 @@ CPPFLAGS+=	-I${WRKSRC}/lib -I${LOCALBASE}/include # -D_EXT2_USE_C_VERSIONS
 MAKE_ARGS+=	pkgconfigdir='${PREFIX}/libdata/pkgconfig'
 MAKE_ENV+=	CHECK_CMD=@true
 
+PORTSCOUT=	ignore	# cannot handle the version in the directory
+
 .if !defined(MASTERDIR)
 INSTALL_TARGET=		install install-libs
 
diff --git a/sysutils/e2fsprogs/files/patch-lib_ext2fs_swapfs.c b/sysutils/e2fsprogs/files/patch-lib_ext2fs_swapfs.c
new file mode 100644
index 000000000000..3fd9c81660e4
--- /dev/null
+++ b/sysutils/e2fsprogs/files/patch-lib_ext2fs_swapfs.c
@@ -0,0 +1,59 @@
+Author: Theodore Ts'o <tytso@mit.edu>
+
+    libext2fs: avoid array buffer overruns caused by insane directory blocks
+    
+    Reported-by: canardo909@gmx.com
+    Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+
+Additionally line 441 was modified to "return 0" after e-mail exchange
+between Canardo and Theodore. // mandree@FreeBSD.org 2020-02-17
+
+--- lib/ext2fs/swapfs.c.orig	2020-01-06 23:10:17 UTC
++++ lib/ext2fs/swapfs.c
+@@ -416,10 +416,11 @@ errcode_t ext2fs_dirent_swab_in2(ext2_filsys fs, char 
+ 	errcode_t	retval;
+ 	char		*p, *end;
+ 	struct ext2_dir_entry *dirent;
+-	unsigned int	name_len, rec_len;
++	unsigned int	name_len, rec_len, left;
+ 
+ 	p = (char *) buf;
+ 	end = (char *) buf + size;
++	left = size;
+ 	while (p < end-8) {
+ 		dirent = (struct ext2_dir_entry *) p;
+ 		dirent->inode = ext2fs_swab32(dirent->inode);
+@@ -436,6 +437,9 @@ errcode_t ext2fs_dirent_swab_in2(ext2_filsys fs, char 
+ 			retval = EXT2_ET_DIR_CORRUPTED;
+ 		} else if (((name_len & 0xFF) + 8) > rec_len)
+ 			retval = EXT2_ET_DIR_CORRUPTED;
++		if (rec_len > left)
++			return 0;
++		left -= rec_len;
+ 		p += rec_len;
+ 	}
+ 
+@@ -452,11 +456,12 @@ errcode_t ext2fs_dirent_swab_out2(ext2_filsys fs, char
+ {
+ 	errcode_t	retval;
+ 	char		*p, *end;
+-	unsigned int	rec_len;
++	unsigned int	rec_len, left;
+ 	struct ext2_dir_entry *dirent;
+ 
+ 	p = buf;
+ 	end = buf + size;
++	left = size;
+ 	while (p < end) {
+ 		dirent = (struct ext2_dir_entry *) p;
+ 		retval = ext2fs_get_rec_len(fs, dirent, &rec_len);
+@@ -471,6 +476,9 @@ errcode_t ext2fs_dirent_swab_out2(ext2_filsys fs, char
+ 		dirent->inode = ext2fs_swab32(dirent->inode);
+ 		dirent->rec_len = ext2fs_swab16(dirent->rec_len);
+ 		dirent->name_len = ext2fs_swab16(dirent->name_len);
++		if (rec_len > size)
++			return EXT2_ET_DIR_CORRUPTED;
++		size -= rec_len;
+ 
+ 		if (flags & EXT2_DIRBLOCK_V2_STRUCT)
+ 			dirent->name_len = ext2fs_swab16(dirent->name_len);