~ubuntu-branches/debian/sid/ntfs-3g/sid

Viewing changes to debian/patches/0002-CVE-2015-3202.patch

Committer: Package Import Robot
Author(s): Laszlo Boszormenyi (GCS), Salvatore Bonaccorso
Date: 2015-05-26 17:23:19 UTC
Revision ID: package-import@ubuntu.com-20150526172319-67zzx37k989ucquw

Tags: 1:2014.2.15AR.3-3

http://bugs.debian.org/786475

[ Salvatore Bonaccorso <carnil@debian.org> ]
Change all relevant execl() calls to execle() to fix all possible cases
of CVE-2015-3202 (closes: #786475).

files modified:
debian/changelog

debian/patches/0002-CVE-2015-3202.patch

libfuse-lite/mount_util.c

Show diffs side-by-side

added added

removed removed

debian/patches/0002-CVE-2015-3202.patch

Missing scrubbing of the environment before executing a mount or umount

of a filesystem.

Origin: backport

Bug-Debian: https://bugs.debian.org/786475

Author: Miklos Szeredi <miklos@szeredi.hu>

Last-Update: 2015-05-19

Last-Update: 2015-05-26

---

lib/mount_util.c | 23 +++++++++++++++++------

fprintf(stderr, "%s: failed to execute /bin/mount: %s\n", progname,

strerror(errno));

exit(1);

@@ -353,11 +362,18 @@ int fuse_mnt_umount(const char *progname

return -1;

}

if (res == 0) {

+ char *env = NULL;

if (setuid(geteuid()))

fprintf(stderr, "%s: failed to setuid : %s\n", progname,

strerror(errno));

- execl("/bin/umount", "/bin/umount", "-i", mnt, lazy ? "-l" : NULL,

- NULL);

+ if (lazy) {

+ execle("/bin/umount", "/bin/umount", "-i", mnt, "-l",

+ NULL, &env);

+ } else {

+ execle("/bin/umount", "/bin/umount", "-i", mnt,

+ NULL, &env);

+ }

fprintf(stderr, "%s: failed to execute /bin/umount: %s\n", progname,

strerror(errno));

exit(1);

Older »