From 7de379eeb6daa1d5e4d1a4a5cfdc21165c749dda Mon Sep 17 00:00:00 2001 From: liuh Date: Thu, 16 Oct 2025 13:52:28 +0800 Subject: [PATCH] hardlink: fix memory corruption in read buffers --- ...ix-memory-corruption-in-read-buffers.patch | 57 +++++++++++++++++++ util-linux.spec | 9 ++- 2 files changed, 65 insertions(+), 1 deletion(-) create mode 100644 backport-hardlink-fix-memory-corruption-in-read-buffers.patch diff --git a/backport-hardlink-fix-memory-corruption-in-read-buffers.patch b/backport-hardlink-fix-memory-corruption-in-read-buffers.patch new file mode 100644 index 0000000..02df9f9 --- /dev/null +++ b/backport-hardlink-fix-memory-corruption-in-read-buffers.patch @@ -0,0 +1,57 @@ +From 2388d066db0c7282382b1e48454cd17d4832994c Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Mon, 13 Jan 2025 12:06:23 +0100 +Subject: [PATCH] hardlink: fix memory corruption in read buffers + +The size of the eq->buf_a and eq->buf_b buffers depends on the +readsize setting. This setting is modified by ul_fileeq_set_size(), so +the buffers need to be resized accordingly. Deallocating is +sufficient, as they will be allocated later with the correct size. + +Addresses: https://github.com/util-linux/util-linux/issues/3330 +Signed-off-by: Karel Zak +--- + lib/fileeq.c | 13 +++++++++++-- + 1 file changed, 11 insertions(+), 2 deletions(-) + +diff --git a/lib/fileeq.c b/lib/fileeq.c +index 2d5038c..c8669d0 100644 +--- a/lib/fileeq.c ++++ b/lib/fileeq.c +@@ -183,6 +183,13 @@ int ul_fileeq_init(struct ul_fileeq *eq, const char *method) + return 0; + } + ++static void reset_fileeq_bufs(struct ul_fileeq *eq) ++{ ++ free(eq->buf_a); ++ free(eq->buf_b); ++ eq->buf_last = eq->buf_a = eq->buf_b = NULL; ++} ++ + void ul_fileeq_deinit(struct ul_fileeq *eq) + { + if (!eq) +@@ -192,8 +199,7 @@ void ul_fileeq_deinit(struct ul_fileeq *eq) + #ifdef USE_FILEEQ_CRYPTOAPI + deinit_crypto_api(eq); + #endif +- free(eq->buf_a); +- free(eq->buf_b); ++ reset_fileeq_bufs(eq); + } + + void ul_fileeq_data_close_file(struct ul_fileeq_data *data) +@@ -281,6 +287,9 @@ size_t ul_fileeq_set_size(struct ul_fileeq *eq, uint64_t filesiz, + + DBG(EQ, ul_debugobj(eq, "set sizes: filesiz=%ju, maxblocks=%" PRIu64 ", readsiz=%zu", + eq->filesiz, eq->blocksmax, eq->readsiz)); ++ ++ reset_fileeq_bufs(eq); ++ + return eq->blocksmax; + } + +-- +2.43.0 + diff --git a/util-linux.spec b/util-linux.spec index 0d64f88..189d984 100644 --- a/util-linux.spec +++ b/util-linux.spec @@ -3,7 +3,7 @@ Name: util-linux Version: 2.40.4 -Release: 11 +Release: 12 Summary: A random collection of Linux utilities License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain URL: https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git @@ -45,6 +45,7 @@ Patch6023: backport-revert-libblkid-ext-add-checksum-support.patch Patch6024: backport-lsblk-use-md-as-fallback-TYPE-when-md-level-empty.patch Patch6025: backport-lsblk-fix-memory-leak.patch Patch6026: backport-lsblk-fix-possible-use-after-free.patch +Patch6027: backport-hardlink-fix-memory-corruption-in-read-buffers.patch Patch9000: SKIPPED-no-root-permissions-test.patch Patch9001: util-linux-Add-sw64-architecture.patch @@ -412,6 +413,12 @@ fi %endif %changelog +* Thu Oct 16 2025 liuh - 2.40.4-12 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:backport-hardlink-fix-memory-corruption-in-read-buffers.patch + * Fri Sep 19 2025 cenhuilin - 2.40.4-11 - Type:bugfix - CVE:NA -- Gitee