File _service:tar_scm:backport-libblkid-avoid-buffer-overflow-in-ocfs-superblock-parsing.patch of Package util-linux
From d7fa8ed63891b0058c5df8aa809e34de61008f51 Mon Sep 17 00:00:00 2001 From: Milan Broz <gmazyland@gmail.com> Date: Sun, 9 Oct 2022 20:20:45 +0200 Subject: [PATCH] libblkid: avoid buffer overflow in ocfs superblock parsing Label and mount values are checked only according to on-disk values and not checked against the real structure size. This can lead to reading of memory outside of superblock struct and subsequent crash. Reproducer found with OSS-Fuzz (issue 52270) running over cryptsetup project (blkid is used in header init). Signed-off-by: Milan Broz <gmazyland@gmail.com> --- libblkid/src/superblocks/ocfs.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/libblkid/src/superblocks/ocfs.c b/libblkid/src/superblocks/ocfs.c index 28df6ddfa4..e213d66b44 100644 --- a/libblkid/src/superblocks/ocfs.c +++ b/libblkid/src/superblocks/ocfs.c @@ -129,10 +129,12 @@ static int probe_ocfs(blkid_probe pr, const struct blkid_idmag *mag) blkid_probe_set_value(pr, "SEC_TYPE", (unsigned char *) "ntocfs", sizeof("ntocfs")); - blkid_probe_set_label(pr, (unsigned char *) ovl.label, - ocfslabellen(ovl)); - blkid_probe_set_value(pr, "MOUNT", (unsigned char *) ovh.mount, - ocfsmountlen(ovh)); + if (ocfslabellen(ovl) < sizeof(ovl.label)) + blkid_probe_set_label(pr, (unsigned char *) ovl.label, + ocfslabellen(ovl)); + if (ocfsmountlen(ovh) < sizeof(ovh.mount)) + blkid_probe_set_value(pr, "MOUNT", (unsigned char *) ovh.mount, + ocfsmountlen(ovh)); blkid_probe_set_uuid(pr, ovl.vol_id); blkid_probe_sprintf_version(pr, "%u.%u", maj, min); return 0;
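Review bot: Both new conditions in probe_ocfs() use a strict bound (`ocfslabellen(ovl) < sizeof(ovl.label)` and `ocfsmountlen(ovh) < sizeof(ovh.mount)`), so an on-disk length exactly equal to the field size is now skipped as well. If the format allows a label or mount point that fills the whole field, `<=` would be the right bound; if the strict bound is intentional, a one-line comment saying why would help. When a length fails the check, LABEL or MOUNT is silently omitted while SEC_TYPE, UUID and the version are still set and the probe returns 0. It is worth deciding whether a superblock with an out-of-range length should be rejected outright instead, since the commit message describes such input as coming from a fuzzer rather than from a valid volume. Each length is also evaluated twice (once in the condition, once in the call); reading it into a local first, and bracing the multi-line `if` bodies, would make the hunk easier to follow.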