rpms
/
inotify-tools
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix stack corruption on a moved directory, reproducible on aarch64.

Browse Source 
https://bugzilla.redhat.com/show_bug.cgi?id=1741472
  0006-Fix-buffer-overrun-in-inotifytools.c.patch
Fix buffer overrun on -c|--csv with '"', ',' or '\n' in directory name.
  0005-Fix-segfault-with-csv-output-when-filename-contains-.patch
Remove rpath to pass a rpmbuild check.
epel9
Jan Kratochvil 6 years ago
parent 957f105215
commit 57853162fd
3 changed files with 73 additions and 1 deletions
Show Stats Download Patch File Download Diff File

24
0005-Fix-segfault-with-csv-output-when-filename-contains-.patch
Unescape View File

@ -0,0 +1,24 @@
From: Dmitry Bogatov <KAction@gnu.org>
Date: Sat, 4 Mar 2017 21:13:38 +0300
Subject: [PATCH] Fix segfault with csv output when filename contains comma
Double `csv_escape()'ing filename is logic error, but root of the
problem was that passing `csv' buffer back into `csv_escape()' caused
endless loop over `static char csv[MAXLEN]', and buffer overflow.
---
src/inotifywait.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/inotifywait.c b/src/inotifywait.c
index 98aadd4..6e17007 100644
--- a/src/inotifywait.c
+++ b/src/inotifywait.c
@@ -119,7 +119,7 @@ void validate_format( char * fmt ) {
void output_event_csv( struct inotify_event * event ) {
char *filename = csv_escape(inotifytools_filename_from_wd(event->wd));
if (filename != NULL)
- printf("%s,", csv_escape(filename));
+ printf("%s,", filename);
printf("%s,", csv_escape( inotifytools_event_to_str( event->mask ) ) );
if ( event->len > 0 )

33
0006-Fix-buffer-overrun-in-inotifytools.c.patch
Unescape View File

@ -0,0 +1,33 @@
From: Dmitry Bogatov <KAction@debian.org>
Date: Tue, 6 Aug 2019 16:36:24 +0000
Subject: Fix buffer overrun in inotifytools.c
The following code
char *names[2+sizeof(int)/sizeof(char*)];
was supposed to allocate enough space on stack to fit two `char *' and one
`int'. Problem is that when sizeof(int) < sizeof(char *), which is likely on
64-bit systems, it caused expression `sizeof(int)/sizeof(char*)' evaluate to 0,
resulting in buffer overrun.
Detected by GCC-9 new diagnostics.
Closes: #925717
---
libinotifytools/src/inotifytools.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libinotifytools/src/inotifytools.c b/libinotifytools/src/inotifytools.c
index b3feca3..ce4ccd5 100644
--- a/libinotifytools/src/inotifytools.c
+++ b/libinotifytools/src/inotifytools.c
@@ -859,7 +859,7 @@ void inotifytools_set_filename_by_filename( char const * oldname,
void inotifytools_replace_filename( char const * oldname,
char const * newname ) {
if ( !oldname || !newname ) return;
- char *names[2+sizeof(int)/sizeof(char*)];
+ char *names[2+sizeof(int)/sizeof(char*) + 1];
names[0] = (char*)oldname;
names[1] = (char*)newname;
*((int*)&names[2]) = strlen(oldname);

17
inotify-tools.spec
Unescape View File

@ -1,11 +1,13 @@
Name: inotify-tools Name: inotify-tools
Version: 3.14 Version: 3.14
Release: 17%{?dist} Release: 18%{?dist}
Summary: Command line utilities for inotify Summary: Command line utilities for inotify
License: GPLv2 License: GPLv2
URL: http://inotify-tools.sourceforge.net/ URL: http://inotify-tools.sourceforge.net/
Source0: http://download.sf.net/inotify-tools/inotify-tools-%{version}.tar.gz Source0: http://download.sf.net/inotify-tools/inotify-tools-%{version}.tar.gz
Patch1: 0005-Fix-segfault-with-csv-output-when-filename-contains-.patch
Patch2: 0006-Fix-buffer-overrun-in-inotifytools.c.patch
BuildRequires: gcc BuildRequires: gcc
BuildRequires: autoconf BuildRequires: autoconf
@ -26,6 +28,8 @@ that use the libinotifytools library.
%prep %prep
%setup -q %setup -q
%patch1 -p1
%patch2 -p1
%build %build
@ -33,6 +37,9 @@ that use the libinotifytools library.
--disable-dependency-tracking \ --disable-dependency-tracking \
--disable-static \ --disable-static \
--enable-doxygen --enable-doxygen
# https://docs.fedoraproject.org/en-US/packaging-guidelines/#_removing_rpath
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
make %{?_smp_mflags} make %{?_smp_mflags}
@ -67,6 +74,14 @@ rm -rf %{buildroot}/%{_datadir}/doc/
%changelog %changelog
* Thu Sep 05 2019 Jan Kratochvil <jan.kratochvil@redhat.com> - 3.14-18
- Fix stack corruption on a moved directory, reproducible on aarch64.
https://bugzilla.redhat.com/show_bug.cgi?id=1741472
0006-Fix-buffer-overrun-in-inotifytools.c.patch
- Fix buffer overrun on -c|--csv with '"', ',' or '\n' in directory name.
0005-Fix-segfault-with-csv-output-when-filename-contains-.patch
- Remove rpath to pass a rpmbuild check.
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.14-17 * Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.14-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

Write Preview
Loading…
Cancel
Save