Package: release.debian.org
User: release.debian....@packages.debian.org
Usertags: pu
Tags: jessie
Severity: normal

hivex 1.3.10-2+deb8u1 adds two patches from upstream that fix CVE-2014-9273 and changes nothing else over 1.3.10-2 currently in jessie. See the attached debdiff for details.

Cheers,
-Hilko

diff -Nru hivex-1.3.10/debian/changelog hivex-1.3.10/debian/changelog --- hivex-1.3.10/debian/changelog 2014-06-18 22:48:40.000000000 +0200 +++ hivex-1.3.10/debian/changelog 2015-03-07 15:48:17.000000000 +0100 @@ -1,3 +1,10 @@ +hivex (1.3.10-2+deb8u1) testing-proposed-updates; urgency=medium + + * Added upstream patches that fix CVE-2014-9273 ("missing checks for + small-sized files in hivex") + + -- Hilko Bengen <ben...@debian.org> Sat, 07 Mar 2015 15:40:54 +0100 + hivex (1.3.10-2) unstable; urgency=medium [ Niko Tyni ] diff -Nru hivex-1.3.10/debian/patches/0001-handle-Refuse-to-open-files-8192-bytes-in-size.patch hivex-1.3.10/debian/patches/0001-handle-Refuse-to-open-files-8192-bytes-in-size.patch --- hivex-1.3.10/debian/patches/0001-handle-Refuse-to-open-files-8192-bytes-in-size.patch 1970-01-01 01:00:00.000000000 +0100 +++ hivex-1.3.10/debian/patches/0001-handle-Refuse-to-open-files-8192-bytes-in-size.patch 2015-03-07 15:38:46.000000000 +0100 
@@ -0,0 +1,32 @@ +From: "Richard W.M. Jones" <rjo...@redhat.com> +Date: Thu, 30 Oct 2014 13:50:39 +0000 +Subject: handle: Refuse to open files < 8192 bytes in size. + +These cannot be valid hives, since they don't contain a full header +page and at least a single page of data (in other words they couldn't +contain a root node). + +Thanks: Mahmoud Al-Qudsi +(cherry picked from commit 357f26fa64fd1d9ccac2331fe174a8ee9c607adb) +--- + lib/handle.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/lib/handle.c b/lib/handle.c +index 62a8644..a3cbcf7 100644 +--- a/lib/handle.c ++++ b/lib/handle.c +@@ -104,6 +104,13 @@ hivex_open (const char *filename, int flags) + + h->size = statbuf.st_size; + ++ if (h->size < 0x2000) { ++ SET_ERRNO (EINVAL, ++ "%s: file is too small to be a Windows NT Registry hive file", ++ filename); ++ goto error; ++ } ++ + if (!h->writable) { + h->addr = mmap (NULL, h->size, PROT_READ, MAP_SHARED, h->fd, 0); + if (h->addr == MAP_FAILED) diff -Nru hivex-1.3.10/debian/patches/0002-handle-Check-that-pages-do-not-extend-beyond-the-end.patch hivex-1.3.10/debian/patches/0002-handle-Check-that-pages-do-not-extend-beyond-the-end.patch --- hivex-1.3.10/debian/patches/0002-handle-Check-that-pages-do-not-extend-beyond-the-end.patch 1970-01-01 01:00:00.000000000 +0100 +++ hivex-1.3.10/debian/patches/0002-handle-Check-that-pages-do-not-extend-beyond-the-end.patch 2015-03-07 15:38:46.000000000 +0100 
@@ -0,0 +1,28 @@ +From: "Richard W.M. Jones" <rjo...@redhat.com> +Date: Thu, 30 Oct 2014 14:02:25 +0000 +Subject: handle: Check that pages do not extend beyond the end of the file. + +Thanks: Mahmoud Al-Qudsi +(cherry picked from commit 4bbdf555f88baeae0fa804a369a81a83908bd705) +--- + lib/handle.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/lib/handle.c b/lib/handle.c +index a3cbcf7..3a8f09b 100644 +--- a/lib/handle.c ++++ b/lib/handle.c +@@ -247,6 +247,13 @@ hivex_open (const char *filename, int flags) + goto error; + } + ++ if (off + page_size > h->size) { ++ SET_ERRNO (ENOTSUP, ++ "%s: page size %zu at 0x%zx extends beyond end of file, bad registry", ++ filename, page_size, off); ++ goto error; ++ } ++ + /* Read the blocks in this page. */ + size_t blkoff; + struct ntreg_hbin_block *block; diff -Nru hivex-1.3.10/debian/patches/series hivex-1.3.10/debian/patches/series --- hivex-1.3.10/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ hivex-1.3.10/debian/patches/series 2015-03-07 15:38:46.000000000 +0100 @@ -0,0 +1,2 @@ +0001-handle-Refuse-to-open-files-8192-bytes-in-size.patch +0002-handle-Check-that-pages-do-not-extend-beyond-the-end.patch
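
Review bot: the bare 0x2000 in the new "if (h->size < 0x2000)" check in hivex_open (patch 0001, lib/handle.c) carries no explanation in the code. The reasoning is only in the commit message (a full header page plus at least a single page of data), so a comment or a named constant next to the comparison would keep the limit from looking arbitrary to the next reader. Placing the check before the mmap call is the right spot, since nothing has touched the mapping yet when the file is rejected.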
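
Review bot: the sum in "if (off + page_size > h->size)" (patch 0002, lib/handle.c, in hivex_open just before the blocks are read) can wrap around where size_t is 32 bits. Both operands are size_t going by the %zu and %zx format specifiers, and page_size is the very value being validated, so a wrapped sum would pass the check. Writing the comparison as "page_size > h->size - off" avoids the addition, provided off is already known to be smaller than h->size at this point, which is not visible in this hunk and is worth confirming. A smaller point: this path sets ENOTSUP while the file-size check in patch 0001 sets EINVAL for what is also a malformed file, so it is worth checking that the difference is intended.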