import CS fuse-2.9.9-16.el9
This commit is contained in:
parent
1b29d10307
commit
71298f2b39
@ -0,0 +1,35 @@
|
|||||||
|
From 29f621af8d39d5a140da584ff6c1eb00147b5a56 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Miklos Szeredi <mszeredi@redhat.com>
|
||||||
|
Date: Thu, 13 Jun 2024 13:57:25 +0200
|
||||||
|
Subject: [PATCH] libfuse: null-terminate buffer in fuse_req_getgroups()
|
||||||
|
|
||||||
|
After reading the file /proc/$PID/task/$PID/status the buffer wasn't
|
||||||
|
terminated with a null character. This could theoretically lead to buffer
|
||||||
|
overrun by the subsequent strstr() call.
|
||||||
|
|
||||||
|
Since the contents of the proc file are guaranteed to contain the pattern
|
||||||
|
that strstr is looking for, this doesn't happen in normal situations.
|
||||||
|
|
||||||
|
Add null termination for robustness.
|
||||||
|
|
||||||
|
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
|
||||||
|
Signed-off-by: Pavel Reichl <preichl@redhat.com>
|
||||||
|
---
|
||||||
|
lib/fuse_lowlevel.c | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/lib/fuse_lowlevel.c b/lib/fuse_lowlevel.c
|
||||||
|
index fc46882..74b0424 100644
|
||||||
|
--- a/lib/fuse_lowlevel.c
|
||||||
|
+++ b/lib/fuse_lowlevel.c
|
||||||
|
@@ -3353,6 +3353,7 @@ retry:
|
||||||
|
goto retry;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ buf[ret] = '\0';
|
||||||
|
ret = -EIO;
|
||||||
|
s = strstr(buf, "\nGroups:");
|
||||||
|
if (s == NULL)
|
||||||
|
--
|
||||||
|
2.45.2
|
||||||
|
|
@ -1,6 +1,6 @@
|
|||||||
Name: fuse
|
Name: fuse
|
||||||
Version: 2.9.9
|
Version: 2.9.9
|
||||||
Release: 15%{?dist}
|
Release: 16%{?dist}
|
||||||
Summary: File System in Userspace (FUSE) v2 utilities
|
Summary: File System in Userspace (FUSE) v2 utilities
|
||||||
License: GPL+
|
License: GPL+
|
||||||
URL: http://fuse.sf.net
|
URL: http://fuse.sf.net
|
||||||
@ -20,6 +20,7 @@ Patch4: fuse2-0004-Whitelist-SMB2-found-on-some-NAS-devices.patch
|
|||||||
# https://github.com/libfuse/libfuse/pull/619
|
# https://github.com/libfuse/libfuse/pull/619
|
||||||
# https://github.com/libfuse/libfuse/commit/ae2352bca9b4e607538412da0cc2a9625cd8b692.patch
|
# https://github.com/libfuse/libfuse/commit/ae2352bca9b4e607538412da0cc2a9625cd8b692.patch
|
||||||
Patch5: fuse2-0005-remove-closefrom-function.patch
|
Patch5: fuse2-0005-remove-closefrom-function.patch
|
||||||
|
Patch6: fuse2-0006-master-libfuse-null-terminate-buffer-in-fuse_req_getgroups.patch
|
||||||
|
|
||||||
# Default to *do* run autoreconf, because in case any downstream patch touched
|
# Default to *do* run autoreconf, because in case any downstream patch touched
|
||||||
# configure.ac or Makefile.am it may be necessary to do so - e.g Patch #5.
|
# configure.ac or Makefile.am it may be necessary to do so - e.g Patch #5.
|
||||||
@ -70,6 +71,7 @@ sed -i 's|mknod|echo Disabled: mknod |g' util/Makefile.in
|
|||||||
%patch3 -p1 -b .buffer_size
|
%patch3 -p1 -b .buffer_size
|
||||||
%patch4 -p1 -b .smb2_whitelist
|
%patch4 -p1 -b .smb2_whitelist
|
||||||
%patch5 -p1 -b .remove_closefrom
|
%patch5 -p1 -b .remove_closefrom
|
||||||
|
%patch6 -p1 -b .fix_null_terminate
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%if 0%{?enable_autotools}
|
%if 0%{?enable_autotools}
|
||||||
@ -135,6 +137,9 @@ rm -f %{buildroot}/%{_libdir}/*.a
|
|||||||
%{_includedir}/fuse
|
%{_includedir}/fuse
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jun 14 2024 Pavel Reichl <preichl@redhat.com> - 2.9.9-16
|
||||||
|
- null-terminate buffer in fuse_req_getgroups()
|
||||||
|
|
||||||
* Tue Dec 07 2021 Pavel Reichl <preichl@redhat.com> - 2.9.9-15
|
* Tue Dec 07 2021 Pavel Reichl <preichl@redhat.com> - 2.9.9-15
|
||||||
- Add gating.yaml file
|
- Add gating.yaml file
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user