diff --git a/0004-udisksctl-Guard-object-lookup.patch b/0004-udisksctl-Guard-object-lookup.patch new file mode 100644 index 0000000000000000000000000000000000000000..0ef3c91565ab56b2ce000f32309db6ab94b312eb --- /dev/null +++ b/0004-udisksctl-Guard-object-lookup.patch @@ -0,0 +1,75 @@ +From ad83cfb26c2dd8d4532a634e105baaee76441c8f Mon Sep 17 00:00:00 2001 +From: Tomas Bzatek +Date: Mon, 3 Jun 2024 17:50:38 +0800 +Subject: [PATCH] udisksctl: Guard object lookup + +Added extra checks for object validity when looking up physical +device through a drive. Reproducible e.g. by calling 'power-off' +over a LUKS container. +--- + tools/udisksctl.c | 26 ++++++++++++++++++++++++++ + 1 file changed, 26 insertions(+) + +diff --git a/tools/udisksctl.c b/tools/udisksctl.c +index 3b0a48e..c020879 100644 +--- a/tools/udisksctl.c ++++ b/tools/udisksctl.c +@@ -2002,6 +2002,7 @@ handle_command_smart_simulate (gint *argc, + { + UDisksObject *block_object; + UDisksDrive *drive; ++ + block_object = lookup_object_by_device (opt_smart_simulate_device); + if (block_object == NULL) + { +@@ -2009,7 +2010,19 @@ handle_command_smart_simulate (gint *argc, + goto out; + } + drive = udisks_client_get_drive_for_block (client, udisks_object_peek_block (block_object)); ++ if (drive == NULL) ++ { ++ g_printerr ("Error looking up drive for device %s\n", opt_smart_simulate_device); ++ g_object_unref (block_object); ++ goto out; ++ } + object = (UDisksObject *) g_dbus_interface_dup_object (G_DBUS_INTERFACE (drive)); ++ if (object == NULL) ++ { ++ g_printerr ("Error looking up object for device %s\n", opt_smart_simulate_device); ++ g_object_unref (block_object); ++ goto out; ++ } + g_object_unref (block_object); + } + else +@@ -2243,6 +2256,7 @@ handle_command_power_off (gint *argc, + { + UDisksObject *block_object; + UDisksDrive *drive; ++ + block_object = lookup_object_by_device (opt_power_off_device); + if (block_object == NULL) + { +@@ -2250,7 +2264,19 @@ handle_command_power_off (gint *argc, + goto out; + } + drive = udisks_client_get_drive_for_block (client, udisks_object_peek_block (block_object)); ++ if (drive == NULL) ++ { ++ g_printerr ("Error looking up drive for device %s\n", opt_power_off_device); ++ g_object_unref (block_object); ++ goto out; ++ } + object = (UDisksObject *) g_dbus_interface_dup_object (G_DBUS_INTERFACE (drive)); ++ if (object == NULL) ++ { ++ g_printerr ("Error looking up object for device %s\n", opt_power_off_device); ++ g_object_unref (block_object); ++ goto out; ++ } + g_object_unref (block_object); + } + else +-- +2.33.0 + diff --git a/udisks2.spec b/udisks2.spec index f2e5546ceba66ec1247726cb00f85aa3d238da63..c34780cf551e7884c811a6f2b862407cbbc6c644 100644 --- a/udisks2.spec +++ b/udisks2.spec @@ -59,7 +59,7 @@ Name: udisks2 Summary: Disk Manager Version: 2.9.0 -Release: 5 +Release: 6 License: GPL-2.0+ and LGPL-2.0+ Group: System Environment/Libraries URL: https://github.com/storaged-project/udisks @@ -68,6 +68,7 @@ Source0: https://github.com/storaged-project/udisks/releases/download/udisks-%{v Patch1: 0001-udiskslinuxmountoptions-Prevent-a-memory-leak.patch Patch2: 0002-CVE-2021-3802.patch Patch3: 0003-udiskslinuxmountoptions-Do-not-free-static-daemon-resources.patch +Patch4: 0004-udisksctl-Guard-object-lookup.patch BuildRequires: glib2-devel >= %{glib2_version} BuildRequires: gobject-introspection-devel >= %{gobject_introspection_version} @@ -439,6 +440,9 @@ udevadm trigger %endif %changelog +* Mon Jun 03 2024 cenhuilin - 2.9.0-6 +- udisksctl: Guard object lookup + * Wed Feb 22 2023 miaoguanqin - 2.9.0-5 - fix coredump with stop udisks2