import fuse3-3.10.2-9.el9

c9-beta imports/c9-beta/fuse3-3.10.2-9.el9
MSVSphere Packaging Team 4 months ago
parent 7627223128
commit 68dfc129cb
Signed by: sys_gitsync
GPG Key ID: B2B0B9F29E528FE8

@ -0,0 +1,35 @@
From 29f621af8d39d5a140da584ff6c1eb00147b5a56 Mon Sep 17 00:00:00 2001
From: Miklos Szeredi <mszeredi@redhat.com>
Date: Thu, 13 Jun 2024 13:57:25 +0200
Subject: [PATCH] libfuse: null-terminate buffer in fuse_req_getgroups()
After reading the file /proc/$PID/task/$PID/status the buffer wasn't
terminated with a null character. This could theoretically lead to buffer
overrun by the subsequent strstr() call.
Since the contents of the proc file are guaranteed to contain the pattern
that strstr is looking for, this doesn't happen in normal situations.
Add null termination for robustness.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Pavel Reichl <preichl@redhat.com>
---
lib/fuse_lowlevel.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/fuse_lowlevel.c b/lib/fuse_lowlevel.c
index fc46882..74b0424 100644
--- a/lib/fuse_lowlevel.c
+++ b/lib/fuse_lowlevel.c
@@ -3353,6 +3353,7 @@ retry:
goto retry;
}
+ buf[ret] = '\0';
ret = -EIO;
s = strstr(buf, "\nGroups:");
if (s == NULL)
--
2.45.2
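Review bot: The added store `buf[ret] = '\0';` in fuse_req_getgroups() is in bounds only if ret is non-negative and strictly smaller than the allocated buffer size at that point, and the hunk shows neither check. The context lines `goto retry;` and `}` suggest a preceding branch that retries after a full read, which would presumably leave ret below the buffer size here, but this needs confirming against the whole function, which starts and ends outside the hunk. A one-line comment above the new statement would record the invariant for later readers, for example `/* a full read retried above, so ret < buffer size and buf[ret] is in bounds */`.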

@ -1,6 +1,6 @@
Name: fuse3
Version: 3.10.2
Release: 8%{?dist}
Release: 9%{?dist}
Summary: File System in Userspace (FUSE) v3 utilities
License: GPL+
URL: http://fuse.sf.net
@ -15,6 +15,7 @@ Patch5: rhel-only-bz2188182-libfuse-add-feature-flag-for-expire-only.patch
Patch6: fuse-3.16.1-Make-expire-only-function-fail-if-no-kernel-support-.patch
Patch7: fuse-3.17.0-Pass-FUSE_PARALLEL_DIROPS-to-kernel-861.patch
Patch8: fuse-3.17.0-Don-t-set-FUSE_CAP_PARALLEL_DIROPS-by-default.patch
Patch9: master-libfuse-null-terminate-buffer-in-fuse_req_getgroups.patch
BuildRequires: which
%if ! 0%{?el6}
@ -85,6 +86,7 @@ Common files for FUSE v2 and FUSE v3.
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%build
export LC_ALL=en_US.UTF-8
@ -174,6 +176,9 @@ rm -f %{buildroot}/usr/lib/udev/rules.d/99-fuse3.rules
%endif
%changelog
* Mon Jun 17 2024 Pavel Reichl <preichl@redhat.com> - 3.10.2-9
- libfuse: null-terminate buffer in fuse_req_getgroups()
* Wed Feb 07 2024 Pavel Reichl <preichl@redhat.com> - 3.10.2-8
- Advertise support of FUSE_PARALLEL_DIROPS to kernel
- Related: RHEL-24721
