flatpak/SOURCES/flatpak-1.0.6-CVE-2019-10063.patch
2021-10-08 11:00:08 +00:00

30 lines
904 B
Diff

From 77f076712949c13b9bcecc02d043cbd6de6e291e Mon Sep 17 00:00:00 2001
From: Ryan Gonzalez <rymg19@gmail.com>
Date: Mon, 25 Mar 2019 13:00:15 -0500
Subject: [PATCH] run: Only compare the lowest 32 ioctl arg bits for TIOCSTI
Closes #2782.
Closes: #2783
Approved by: alexlarsson
---
common/flatpak-run.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/flatpak-run.c b/common/flatpak-run.c
index 90b435fe..d1acd9f2 100644
--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
@@ -2147,7 +2147,7 @@ setup_seccomp (FlatpakBwrap *bwrap,
{SCMP_SYS (clone), &SCMP_A0 (SCMP_CMP_MASKED_EQ, CLONE_NEWUSER, CLONE_NEWUSER)},
/* Don't allow faking input to the controlling tty (CVE-2017-5226) */
- {SCMP_SYS (ioctl), &SCMP_A1 (SCMP_CMP_EQ, (int) TIOCSTI)},
+ {SCMP_SYS (ioctl), &SCMP_A1 (SCMP_CMP_MASKED_EQ, 0xFFFFFFFFu, (int) TIOCSTI)},
};
struct
--
2.21.0