rpms
/
fuse
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: rpms:c9-beta
Branches Tags
rpms:i10cs
rpms:cs10
rpms:i10c-beta
rpms:c10-beta
rpms:i9c-beta
rpms:c9-beta
rpms:i8c-beta
rpms:c8-beta
rpms:i8c
rpms:c8
rpms:i9c
rpms:c9
...
pull from: rpms:c9
Branches Tags
rpms:i10cs
rpms:cs10
rpms:i10c-beta
rpms:c10-beta
rpms:i9c-beta
rpms:c9-beta
rpms:i8c-beta
rpms:c8-beta
rpms:i8c
rpms:c8
rpms:i9c
rpms:c9

No commits in common. 'c9-beta' and 'c9' have entirely different histories.
c9-beta ... c9

2 changed files with 1 additions and 41 deletions
Show Stats

35
SOURCES/fuse2-0006-master-libfuse-null-terminate-buffer-in-fuse_req_getgroups.patch
Unescape View File

@ -1,35 +0,0 @@
From 29f621af8d39d5a140da584ff6c1eb00147b5a56 Mon Sep 17 00:00:00 2001
From: Miklos Szeredi <mszeredi@redhat.com>
Date: Thu, 13 Jun 2024 13:57:25 +0200
Subject: [PATCH] libfuse: null-terminate buffer in fuse_req_getgroups()
After reading the file /proc/$PID/task/$PID/status the buffer wasn't
terminated with a null character. This could theoretically lead to buffer
overrun by the subsequent strstr() call.
Since the contents of the proc file are guaranteed to contain the pattern
that strstr is looking for, this doesn't happen in normal situations.
Add null termination for robustness.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Pavel Reichl <preichl@redhat.com>
---
lib/fuse_lowlevel.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/fuse_lowlevel.c b/lib/fuse_lowlevel.c
index fc46882..74b0424 100644
--- a/lib/fuse_lowlevel.c
+++ b/lib/fuse_lowlevel.c
@@ -3353,6 +3353,7 @@ retry:
goto retry;
}
+ buf[ret] = '\0';
ret = -EIO;
s = strstr(buf, "\nGroups:");
if (s == NULL)
--
2.45.2

7
SPECS/fuse.spec
Unescape View File

@ -1,6 +1,6 @@
Name: fuse Name: fuse
Version: 2.9.9 Version: 2.9.9
Release: 16%{?dist} Release: 15%{?dist}
Summary: File System in Userspace (FUSE) v2 utilities Summary: File System in Userspace (FUSE) v2 utilities
License: GPL+ License: GPL+
URL: http://fuse.sf.net URL: http://fuse.sf.net
@ -20,7 +20,6 @@ Patch4: fuse2-0004-Whitelist-SMB2-found-on-some-NAS-devices.patch
# https://github.com/libfuse/libfuse/pull/619 # https://github.com/libfuse/libfuse/pull/619
# https://github.com/libfuse/libfuse/commit/ae2352bca9b4e607538412da0cc2a9625cd8b692.patch # https://github.com/libfuse/libfuse/commit/ae2352bca9b4e607538412da0cc2a9625cd8b692.patch
Patch5: fuse2-0005-remove-closefrom-function.patch Patch5: fuse2-0005-remove-closefrom-function.patch
Patch6: fuse2-0006-master-libfuse-null-terminate-buffer-in-fuse_req_getgroups.patch
# Default to *do* run autoreconf, because in case any downstream patch touched # Default to *do* run autoreconf, because in case any downstream patch touched
# configure.ac or Makefile.am it may be necessary to do so - e.g Patch #5. # configure.ac or Makefile.am it may be necessary to do so - e.g Patch #5.
@ -71,7 +70,6 @@ sed -i 's|mknod|echo Disabled: mknod |g' util/Makefile.in
%patch3 -p1 -b .buffer_size %patch3 -p1 -b .buffer_size
%patch4 -p1 -b .smb2_whitelist %patch4 -p1 -b .smb2_whitelist
%patch5 -p1 -b .remove_closefrom %patch5 -p1 -b .remove_closefrom
%patch6 -p1 -b .fix_null_terminate
%build %build
%if 0%{?enable_autotools} %if 0%{?enable_autotools}
@ -137,9 +135,6 @@ rm -f %{buildroot}/%{_libdir}/*.a
%{_includedir}/fuse %{_includedir}/fuse
%changelog %changelog
* Fri Jun 14 2024 Pavel Reichl <preichl@redhat.com> - 2.9.9-16
- null-terminate buffer in fuse_req_getgroups()
* Tue Dec 07 2021 Pavel Reichl <preichl@redhat.com> - 2.9.9-15 * Tue Dec 07 2021 Pavel Reichl <preichl@redhat.com> - 2.9.9-15
- Add gating.yaml file - Add gating.yaml file

Write Preview
Loading…
Cancel
Save