From d65e0f1c5ec6bbb52d31c513a9374f89a18a638d Mon Sep 17 00:00:00 2001
From: yixiangzhike
Date: Tue, 16 Dec 2025 12:25:23 +0800
Subject: [PATCH] backport community patches
---
 ...-off-by-one-in-maximum-last-sector-c.patch | 46 +++++++++++++++++++
 util-linux.spec | 10 +++-
 2 files changed, 55 insertions(+), 1 deletion(-)
 create mode 100644 backport-libfdisk-dos-fix-off-by-one-in-maximum-last-sector-c.patch
diff --git a/backport-libfdisk-dos-fix-off-by-one-in-maximum-last-sector-c.patch b/backport-libfdisk-dos-fix-off-by-one-in-maximum-last-sector-c.patch
new file mode 100644
index 0000000..af55150
--- /dev/null
+++ b/backport-libfdisk-dos-fix-off-by-one-in-maximum-last-sector-c.patch
@@ -0,0 +1,46 @@
+From 578923fe582903628ecc0d2a434af0affa3660d2 Mon Sep 17 00:00:00 2001
+From: Karel Zak
+Date: Thu, 30 Oct 2025 12:11:43 +0100
+Subject: [PATCH] libfdisk: (dos) fix off-by-one in maximum last sector
+ calculation
+
+The get_disk_ranges() function incorrectly capped the last usable
+sector at UINT_MAX, which could cause an overflow when calculating
+partition size for MBR partition tables.
+
+MBR stores partition size as a 32-bit value with maximum UINT_MAX.
+The partition size is calculated as: size = stop - start + 1
+
+For a partition starting at sector 0:
+- If stop = UINT_MAX: size = UINT_MAX + 1 (overflow!)
+- If stop = UINT_MAX - 1: size = UINT_MAX (correct maximum)
+
+This fixes the inconsistency where dos_init() correctly warns about
+disks larger than UINT_MAX sectors (2TiB - 512 bytes for 512-byte
+sectors), but get_disk_ranges() allowed creating partitions that
+would overflow the 32-bit size field.
+
+Addresses: https://issues.redhat.com/browse/RHEL-122367
+Signed-off-by: Karel Zak
+---
+ libfdisk/src/dos.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libfdisk/src/dos.c b/libfdisk/src/dos.c
+index db7e25716..c88d2a4f2 100644
+--- a/libfdisk/src/dos.c
++++ b/libfdisk/src/dos.c
+@@ -1241,8 +1241,8 @@ static int get_disk_ranges(struct fdisk_context *cxt, int logical,
+ else
+ *last = cxt->total_sectors - 1;
+
+- if (*last > UINT_MAX)
+- *last = UINT_MAX;
++ if (*last >= UINT_MAX)
++ *last = UINT_MAX - 1;
+ *first = cxt->first_lba;
+ }
+
+--
+2.43.0
+
diff --git a/util-linux.spec b/util-linux.spec
index f78a0f6..9a4a0ce 100644
--- a/util-linux.spec
+++ b/util-linux.spec
@@ -3,7 +3,7 @@
 Name: util-linux
 Version: 2.37.2
-Release: 46
+Release: 47
 Summary: A random collection of Linux utilities
 License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain
 URL: https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git
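Review bot: The new cap `*last = UINT_MAX - 1` in get_disk_ranges() carries no comment tying it to the MBR on-disk limit, so the `- 1` reads like an arbitrary constant and is easy to revert by mistake; I would add `/* MBR size field is 32-bit: stop - start + 1 must not exceed UINT_MAX */` above the check. The bound also relies on `unsigned int` being 32 bits wide, which is an assumption about the build targets rather than something the partition format guarantees. The hunk shows only the tail of one block of the function (it closes right after `*first = cxt->first_lba;`), so whether the path taken when `logical` is set applies an equivalent bound cannot be confirmed from here and is worth checking against the 2.37.2 tree this is backported to.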
@@ -180,6 +180,7 @@ Patch6158: backport-Update-setpwnam-c.patch
 Patch6159: backport-Update-bufflen.patch
 Patch6160: backport-more-temporarily-ignore-stdin-when-waiting-for-stderr.patch
 Patch6161: backport-logger-fix-buffer-overflow-when-read-stdin.patch
+Patch6162: backport-libfdisk-dos-fix-off-by-one-in-maximum-last-sector-c.patch
 Patch9000: Add-check-to-resolve-uname26-version-test-failed.patch
 Patch9001: SKIPPED-no-root-permissions-test.patch
@@ -559,6 +560,13 @@ fi
 %{_mandir}/man8/{swapoff.8*,swapon.8*,switch_root.8*,umount.8*,wdctl.8.gz,wipefs.8*,zramctl.8*}
 %changelog
+* Tue Dec 16 2025 yixiangzhike - 2.37.2-47
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:backport community patches
+ fix off-by-one in maximum last sector calculation
+
 * Tue Oct 21 2025 yanglongkang - 2.37.2-46
 - Type:bugfix
 - CVE:NA
--
Gitee