Fix stack corruption on a moved directory, reproducible on aarch64.

https://bugzilla.redhat.com/show_bug.cgi?id=1741472 0006-Fix-buffer-overrun-in-inotifytools.c.patch Fix buffer overrun on -c|--csv with '"', ',' or '\n' in directory name. 0005-Fix-segfault-with-csv-output-when-filename-contains-.patch Remove rpath to pass a rpmbuild check.
6 years ago · 57853162fd
parent 957f105215
commit 57853162fd
3 changed files with 73 additions and 1 deletions
--- a/0005-Fix-segfault-with-csv-output-when-filename-contains-.patch
+++ b/0005-Fix-segfault-with-csv-output-when-filename-contains-.patch
@ -0,0 +1,24 @@
+From: Dmitry Bogatov <KAction@gnu.org>
+Date: Sat, 4 Mar 2017 21:13:38 +0300
+Subject: [PATCH] Fix segfault with csv output when filename contains comma
+
+Double `csv_escape()'ing filename is logic error, but root of the
+problem was that passing `csv' buffer back into `csv_escape()' caused
+endless loop over `static char csv[MAXLEN]', and buffer overflow.
+---
+ src/inotifywait.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/inotifywait.c b/src/inotifywait.c
+index 98aadd4..6e17007 100644
+--- a/src/inotifywait.c
+++ b/src/inotifywait.c
+@@ -119,7 +119,7 @@ void validate_format( char * fmt ) {
+ void output_event_csv( struct inotify_event * event ) {
+     char *filename = csv_escape(inotifytools_filename_from_wd(event->wd));
+     if (filename != NULL)
+-        printf("%s,", csv_escape(filename));
+        printf("%s,", filename);
+ 
+ 	printf("%s,", csv_escape( inotifytools_event_to_str( event->mask ) ) );
+ 	if ( event->len > 0 )
--- a/0006-Fix-buffer-overrun-in-inotifytools.c.patch
+++ b/0006-Fix-buffer-overrun-in-inotifytools.c.patch
@ -0,0 +1,33 @@
+From: Dmitry Bogatov <KAction@debian.org>
+Date: Tue, 6 Aug 2019 16:36:24 +0000
+Subject: Fix buffer overrun in inotifytools.c
+
+The following code
+
+    char *names[2+sizeof(int)/sizeof(char*)];
+
+was supposed to allocate enough space on stack to fit two `char *' and one
+`int'. Problem is that when sizeof(int) < sizeof(char *), which is likely on
+64-bit systems, it caused expression `sizeof(int)/sizeof(char*)' evaluate to 0,
+resulting in buffer overrun.
+
+Detected by GCC-9 new diagnostics.
+
+Closes: #925717
+---
+ libinotifytools/src/inotifytools.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libinotifytools/src/inotifytools.c b/libinotifytools/src/inotifytools.c
+index b3feca3..ce4ccd5 100644
+--- a/libinotifytools/src/inotifytools.c
+++ b/libinotifytools/src/inotifytools.c
+@@ -859,7 +859,7 @@ void inotifytools_set_filename_by_filename( char const * oldname,
+ void inotifytools_replace_filename( char const * oldname,
+                                     char const * newname ) {
+ 	if ( !oldname || !newname ) return;
+-	char *names[2+sizeof(int)/sizeof(char*)];
+	char *names[2+sizeof(int)/sizeof(char*) + 1];
+ 	names[0] = (char*)oldname;
+ 	names[1] = (char*)newname;
+ 	*((int*)&names[2]) = strlen(oldname);
--- a/inotify-tools.spec
+++ b/inotify-tools.spec
@ -1,11 +1,13 @@
 Name:           inotify-tools
 Version:        3.14
-Release:        17%{?dist}
+Release:        18%{?dist}
 Summary:        Command line utilities for inotify

 License:        GPLv2
 URL:		 http://inotify-tools.sourceforge.net/
 Source0:        http://download.sf.net/inotify-tools/inotify-tools-%{version}.tar.gz
+Patch1:         0005-Fix-segfault-with-csv-output-when-filename-contains-.patch
+Patch2:         0006-Fix-buffer-overrun-in-inotifytools.c.patch

 BuildRequires:  gcc
 BuildRequires:  autoconf
@ -26,6 +28,8 @@ that use the libinotifytools library.

 %prep
 %setup -q
+%patch1 -p1
+%patch2 -p1


 %build
@ -33,6 +37,9 @@ that use the libinotifytools library.
        --disable-dependency-tracking \
        --disable-static \
        --enable-doxygen
+# https://docs.fedoraproject.org/en-US/packaging-guidelines/#_removing_rpath
+sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
+sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
 make %{?_smp_mflags}


@ -67,6 +74,14 @@ rm -rf %{buildroot}/%{_datadir}/doc/


 %changelog
+* Thu Sep 05 2019 Jan Kratochvil <jan.kratochvil@redhat.com> - 3.14-18
+- Fix stack corruption on a moved directory, reproducible on aarch64.
+  https://bugzilla.redhat.com/show_bug.cgi?id=1741472
+  0006-Fix-buffer-overrun-in-inotifytools.c.patch
+- Fix buffer overrun on -c|--csv with '"', ',' or '\n' in directory name.
+  0005-Fix-segfault-with-csv-output-when-filename-contains-.patch
+- Remove rpath to pass a rpmbuild check.
+
 * Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.14-17
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild