import CS fuse-2.9.9-16.el9

This commit is contained in:
eabdullin 2024-09-30 15:31:37 +00:00
parent 1b29d10307
commit 71298f2b39
2 changed files with 41 additions and 1 deletions

View File

@ -0,0 +1,35 @@
From 29f621af8d39d5a140da584ff6c1eb00147b5a56 Mon Sep 17 00:00:00 2001
From: Miklos Szeredi <mszeredi@redhat.com>
Date: Thu, 13 Jun 2024 13:57:25 +0200
Subject: [PATCH] libfuse: null-terminate buffer in fuse_req_getgroups()
After reading the file /proc/$PID/task/$PID/status the buffer wasn't
terminated with a null character. This could theoretically lead to buffer
overrun by the subsequent strstr() call.
Since the contents of the proc file are guaranteed to contain the pattern
that strstr is looking for, this doesn't happen in normal situations.
Add null termination for robustness.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Pavel Reichl <preichl@redhat.com>
---
lib/fuse_lowlevel.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/fuse_lowlevel.c b/lib/fuse_lowlevel.c
index fc46882..74b0424 100644
--- a/lib/fuse_lowlevel.c
+++ b/lib/fuse_lowlevel.c
@@ -3353,6 +3353,7 @@ retry:
goto retry;
}
+ buf[ret] = '\0';
ret = -EIO;
s = strstr(buf, "\nGroups:");
if (s == NULL)
--
2.45.2

View File

@ -1,6 +1,6 @@
Name: fuse Name: fuse
Version: 2.9.9 Version: 2.9.9
Release: 15%{?dist} Release: 16%{?dist}
Summary: File System in Userspace (FUSE) v2 utilities Summary: File System in Userspace (FUSE) v2 utilities
License: GPL+ License: GPL+
URL: http://fuse.sf.net URL: http://fuse.sf.net
@ -20,6 +20,7 @@ Patch4: fuse2-0004-Whitelist-SMB2-found-on-some-NAS-devices.patch
# https://github.com/libfuse/libfuse/pull/619 # https://github.com/libfuse/libfuse/pull/619
# https://github.com/libfuse/libfuse/commit/ae2352bca9b4e607538412da0cc2a9625cd8b692.patch # https://github.com/libfuse/libfuse/commit/ae2352bca9b4e607538412da0cc2a9625cd8b692.patch
Patch5: fuse2-0005-remove-closefrom-function.patch Patch5: fuse2-0005-remove-closefrom-function.patch
Patch6: fuse2-0006-master-libfuse-null-terminate-buffer-in-fuse_req_getgroups.patch
# Default to *do* run autoreconf, because in case any downstream patch touched # Default to *do* run autoreconf, because in case any downstream patch touched
# configure.ac or Makefile.am it may be necessary to do so - e.g Patch #5. # configure.ac or Makefile.am it may be necessary to do so - e.g Patch #5.
@ -70,6 +71,7 @@ sed -i 's|mknod|echo Disabled: mknod |g' util/Makefile.in
%patch3 -p1 -b .buffer_size %patch3 -p1 -b .buffer_size
%patch4 -p1 -b .smb2_whitelist %patch4 -p1 -b .smb2_whitelist
%patch5 -p1 -b .remove_closefrom %patch5 -p1 -b .remove_closefrom
%patch6 -p1 -b .fix_null_terminate
%build %build
%if 0%{?enable_autotools} %if 0%{?enable_autotools}
@ -135,6 +137,9 @@ rm -f %{buildroot}/%{_libdir}/*.a
%{_includedir}/fuse %{_includedir}/fuse
%changelog %changelog
* Fri Jun 14 2024 Pavel Reichl <preichl@redhat.com> - 2.9.9-16
- null-terminate buffer in fuse_req_getgroups()
* Tue Dec 07 2021 Pavel Reichl <preichl@redhat.com> - 2.9.9-15 * Tue Dec 07 2021 Pavel Reichl <preichl@redhat.com> - 2.9.9-15
- Add gating.yaml file - Add gating.yaml file