null-terminate buffer in fuse_req_getgroups()
Resolves: RHEL-27934 Signed-off-by: Pavel Reichl <preichl@redhat.com>
This commit is contained in:
Pavel Reichl
parent
7beff09899
commit
956c2594b9
@ -1,6 +1,6 @@
|
||||
Name: fuse
|
||||
Version: 2.9.9
|
||||
Release: 15%{?dist}
|
||||
Release: 16%{?dist}
|
||||
Summary: File System in Userspace (FUSE) v2 utilities
|
||||
License: GPL+
|
||||
URL: http://fuse.sf.net
|
||||
@ -20,6 +20,7 @@ Patch4: fuse2-0004-Whitelist-SMB2-found-on-some-NAS-devices.patch
|
||||
# https://github.com/libfuse/libfuse/pull/619
|
||||
# https://github.com/libfuse/libfuse/commit/ae2352bca9b4e607538412da0cc2a9625cd8b692.patch
|
||||
Patch5: fuse2-0005-remove-closefrom-function.patch
|
||||
Patch6: fuse2-0006-master-libfuse-null-terminate-buffer-in-fuse_req_getgroups.patch
|
||||
|
||||
# Default to *do* run autoreconf, because in case any downstream patch touched
|
||||
# configure.ac or Makefile.am it may be necessary to do so - e.g Patch #5.
|
||||
@ -70,6 +71,7 @@ sed -i 's|mknod|echo Disabled: mknod |g' util/Makefile.in
|
||||
%patch3 -p1 -b .buffer_size
|
||||
%patch4 -p1 -b .smb2_whitelist
|
||||
%patch5 -p1 -b .remove_closefrom
|
||||
%patch6 -p1 -b .fix_null_terminate
|
||||
|
||||
%build
|
||||
%if 0%{?enable_autotools}
|
||||
@ -135,6 +137,9 @@ rm -f %{buildroot}/%{_libdir}/*.a
|
||||
%{_includedir}/fuse
|
||||
|
||||
%changelog
|
||||
* Fri Jun 14 2024 Pavel Reichl <preichl@redhat.com> - 2.9.9-16
|
||||
- null-terminate buffer in fuse_req_getgroups()
|
||||
|
||||
* Tue Dec 07 2021 Pavel Reichl <preichl@redhat.com> - 2.9.9-15
|
||||
- Add gating.yaml file
|
||||
|
||||
|
||||
@ -0,0 +1,35 @@
|
||||
From 29f621af8d39d5a140da584ff6c1eb00147b5a56 Mon Sep 17 00:00:00 2001
|
||||
From: Miklos Szeredi <mszeredi@redhat.com>
|
||||
Date: Thu, 13 Jun 2024 13:57:25 +0200
|
||||
Subject: [PATCH] libfuse: null-terminate buffer in fuse_req_getgroups()
|
||||
|
||||
After reading the file /proc/$PID/task/$PID/status the buffer wasn't
|
||||
terminated with a null character. This could theoretically lead to buffer
|
||||
overrun by the subsequent strstr() call.
|
||||
|
||||
Since the contents of the proc file are guaranteed to contain the pattern
|
||||
that strstr is looking for, this doesn't happen in normal situations.
|
||||
|
||||
Add null termination for robustness.
|
||||
|
||||
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
|
||||
Signed-off-by: Pavel Reichl <preichl@redhat.com>
|
||||
---
|
||||
lib/fuse_lowlevel.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/lib/fuse_lowlevel.c b/lib/fuse_lowlevel.c
|
||||
index fc46882..74b0424 100644
|
||||
--- a/lib/fuse_lowlevel.c
|
||||
+++ b/lib/fuse_lowlevel.c
|
||||
@@ -3353,6 +3353,7 @@ retry:
|
||||
goto retry;
|
||||
}
|
||||
|
||||
+ buf[ret] = '\0';
|
||||
ret = -EIO;
|
||||
s = strstr(buf, "\nGroups:");
|
||||
if (s == NULL)
|
||||
--
|
||||
2.45.2
|
||||
|
||||
Loading…
Reference in New Issue
Block a user