Gentoo's Bugzilla – Attachment 73173 Details for Bug 112902: sys-fs/fuse: fusermount can corrupt /etc/mtab (CVE-2005-3531)
[patch] fusermount.patch (text/plain), 1.27 KB, created by Thierry Carrez (RETIRED) on 2005-11-19 03:32:17 UTC
>Index: util/fusermount.c >=================================================================== >RCS file: /cvsroot/fuse/fuse/util/fusermount.c,v >retrieving revision 1.69 >diff -u -r1.69 fusermount.c >--- util/fusermount.c 11 Oct 2005 10:12:08 -0000 1.69 >+++ util/fusermount.c 18 Nov 2005 20:32:26 -0000 >@@ -120,6 +120,23 @@ > } > } > >+/* Glibc addmntent() doesn't encode '\n', misencodes '\t' as '\n' >+ (version 2.3.2), and encodes '\\' differently as mount(8). So >+ let's not allow those characters, they are not all that usual in >+ filenames. */ >+static int check_name(const char *name) >+{ >+ char *s; >+ for (s = "\n\t\\"; *s; s++) { >+ if (strchr(name, *s)) { >+ fprintf(stderr, "%s: illegal character 0x%02x in mount entry\n", >+ progname, *s); >+ return -1; >+ } >+ } >+ return 0; >+} >+ > static int add_mount(const char *fsname, const char *mnt, const char *type, > const char *opts) > { >@@ -128,6 +145,10 @@ > struct mntent ent; > FILE *fp; > >+ if (check_name(fsname) == -1 || check_name(mnt) == -1 || >+ check_name(type) == -1 || check_name(opts) == -1) >+ return -1; >+ > fp = setmntent(mtab, "a"); > if (fp == NULL) { > fprintf(stderr, "%s: failed to open %s: %s\n", progname, mtab,
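Review bot: In check_name(), the error message reports only the offending byte in hex and not which argument contained it; add_mount() runs this check over fsname, mnt, type and opts, so the user cannot tell which value to change. Consider passing a short field label into check_name() and including it in the fprintf. Separately, `s` walks a string literal and should be declared `const char *s`. The comment explains why '\n', '\t' and '\\' are rejected; it would help to also state the return convention (-1 on rejection, 0 otherwise).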
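Review bot: In add_mount(), the new check_name() guard returns -1 before setmntent(), so a rejected name means no mtab entry is written, and the visible lines do not show whether the caller has already performed the mount by the time add_mount() runs. If it has, the failure path needs to undo the mount, or the validation should move ahead of the mount call, so that a filesystem is not left mounted without an mtab record. It is also worth confirming that none of the four arguments can be NULL here, since check_name() passes them straight to strchr().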