libfuse: null-terminate buffer in fuse_req_getgroups()
Resolves: RHEL-27867 Signed-off-by: Pavel Reichl <preichl@redhat.com>
This commit is contained in:
Pavel Reichl
parent
e98a1a13e7
commit
4ba5d31cc6
@ -1,6 +1,6 @@
|
|||||||
Name: fuse3
|
Name: fuse3
|
||||||
Version: 3.10.2
|
Version: 3.10.2
|
||||||
Release: 8%{?dist}
|
Release: 9%{?dist}
|
||||||
Summary: File System in Userspace (FUSE) v3 utilities
|
Summary: File System in Userspace (FUSE) v3 utilities
|
||||||
License: GPL+
|
License: GPL+
|
||||||
URL: http://fuse.sf.net
|
URL: http://fuse.sf.net
|
||||||
@ -15,6 +15,7 @@ Patch5: rhel-only-bz2188182-libfuse-add-feature-flag-for-expire-only.patch
|
|||||||
Patch6: fuse-3.16.1-Make-expire-only-function-fail-if-no-kernel-support-.patch
|
Patch6: fuse-3.16.1-Make-expire-only-function-fail-if-no-kernel-support-.patch
|
||||||
Patch7: fuse-3.17.0-Pass-FUSE_PARALLEL_DIROPS-to-kernel-861.patch
|
Patch7: fuse-3.17.0-Pass-FUSE_PARALLEL_DIROPS-to-kernel-861.patch
|
||||||
Patch8: fuse-3.17.0-Don-t-set-FUSE_CAP_PARALLEL_DIROPS-by-default.patch
|
Patch8: fuse-3.17.0-Don-t-set-FUSE_CAP_PARALLEL_DIROPS-by-default.patch
|
||||||
|
Patch9: master-libfuse-null-terminate-buffer-in-fuse_req_getgroups.patch
|
||||||
|
|
||||||
BuildRequires: which
|
BuildRequires: which
|
||||||
%if ! 0%{?el6}
|
%if ! 0%{?el6}
|
||||||
@ -85,6 +86,7 @@ Common files for FUSE v2 and FUSE v3.
|
|||||||
%patch6 -p1
|
%patch6 -p1
|
||||||
%patch7 -p1
|
%patch7 -p1
|
||||||
%patch8 -p1
|
%patch8 -p1
|
||||||
|
%patch9 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
export LC_ALL=en_US.UTF-8
|
export LC_ALL=en_US.UTF-8
|
||||||
@ -174,6 +176,9 @@ rm -f %{buildroot}/usr/lib/udev/rules.d/99-fuse3.rules
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jun 17 2024 Pavel Reichl <preichl@redhat.com> - 3.10.2-9
|
||||||
|
- libfuse: null-terminate buffer in fuse_req_getgroups()
|
||||||
|
|
||||||
* Wed Feb 07 2024 Pavel Reichl <preichl@redhat.com> - 3.10.2-8
|
* Wed Feb 07 2024 Pavel Reichl <preichl@redhat.com> - 3.10.2-8
|
||||||
- Advertise support of FUSE_PARALLEL_DIROPS to kernel
|
- Advertise support of FUSE_PARALLEL_DIROPS to kernel
|
||||||
- Related: RHEL-24721
|
- Related: RHEL-24721
|
||||||
|
|||||||
@ -0,0 +1,35 @@
|
|||||||
|
From 29f621af8d39d5a140da584ff6c1eb00147b5a56 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Miklos Szeredi <mszeredi@redhat.com>
|
||||||
|
Date: Thu, 13 Jun 2024 13:57:25 +0200
|
||||||
|
Subject: [PATCH] libfuse: null-terminate buffer in fuse_req_getgroups()
|
||||||
|
|
||||||
|
After reading the file /proc/$PID/task/$PID/status the buffer wasn't
|
||||||
|
terminated with a null character. This could theoretically lead to buffer
|
||||||
|
overrun by the subsequent strstr() call.
|
||||||
|
|
||||||
|
Since the contents of the proc file are guaranteed to contain the pattern
|
||||||
|
that strstr is looking for, this doesn't happen in normal situations.
|
||||||
|
|
||||||
|
Add null termination for robustness.
|
||||||
|
|
||||||
|
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
|
||||||
|
Signed-off-by: Pavel Reichl <preichl@redhat.com>
|
||||||
|
---
|
||||||
|
lib/fuse_lowlevel.c | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/lib/fuse_lowlevel.c b/lib/fuse_lowlevel.c
|
||||||
|
index fc46882..74b0424 100644
|
||||||
|
--- a/lib/fuse_lowlevel.c
|
||||||
|
+++ b/lib/fuse_lowlevel.c
|
||||||
|
@@ -3353,6 +3353,7 @@ retry:
|
||||||
|
goto retry;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ buf[ret] = '\0';
|
||||||
|
ret = -EIO;
|
||||||
|
s = strstr(buf, "\nGroups:");
|
||||||
|
if (s == NULL)
|
||||||
|
--
|
||||||
|
2.45.2
|
||||||
|
|
||||||
Loading…
Reference in New Issue
Block a user