rpms/afuse
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix buffer overflow issue with strcpy

Browse source
This commit is contained in:
Tom spot Callaway 2021-02-24 13:37:42 -05:00
commit cacaddb23c
2 changed files with 36 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

22
afuse-0.4.1-strcpy-buffer-overflow-fix.patch Normal file
View file

@ -0,0 +1,22 @@
diff -up afuse-0.4.1/src/afuse.c.strcpy-buffer-overflow-fix afuse-0.4.1/src/afuse.c
--- afuse-0.4.1/src/afuse.c.strcpy-buffer-overflow-fix 2013-02-12 21:36:47.000000000 -0500
+++ afuse-0.4.1/src/afuse.c 2021-02-24 13:31:58.884245692 -0500
@@ -1853,8 +1853,16 @@ static int afuse_opt_proc(void *data, co
int main(int argc, char *argv[])
{
struct fuse_args args = FUSE_ARGS_INIT(argc, argv);
- char *temp_dir_name = my_malloc(strlen(TMP_DIR_TEMPLATE));
- strcpy(temp_dir_name, TMP_DIR_TEMPLATE);
+ size_t buflen = strlen(TMP_DIR_TEMPLATE);
+ // need one more for the null terminator
+ buflen++;
+ char *temp_dir_name = my_malloc(buflen);
+ if (buflen > 0) {
+ strncpy(temp_dir_name, TMP_DIR_TEMPLATE, buflen - 1);
+ temp_dir_name[buflen - 1] = '\0';
+ }
+
+ // strcpy(temp_dir_name, TMP_DIR_TEMPLATE);
if (fuse_opt_parse(&args, &user_options, afuse_opts, afuse_opt_proc) ==
-1)

23
afuse.spec
View file

@ -1,25 +1,27 @@
Name: afuse
Summary: An automounter implemented with FUSE
Version: 0.4.1
Release: 16%{?dist}
Release: 17%{?dist}
License: GPLv2+
Source0: https://afuse.googlecode.com/files/%{name}-%{version}.tar.gz
Patch0: afuse-0.4.1-strcpy-buffer-overflow-fix.patch
URL: https://github.com/pcarrier/afuse/
BuildRequires: gcc
BuildRequires: gcc
BuildRequires: fuse-devel
BuildRequires: make
BuildRequires: make
%description
Afuse is an automounting file system implemented in user-space using FUSE.
Afuse currently implements the most basic functionality that can be expected
by an automounter; that is it manages a directory of virtual directories. If
one of these virtual directories is accessed and is not already automounted,
afuse will attempt to mount a filesystem onto that directory. If the mount
succeeds the requested access proceeds as normal, otherwise it will fail
Afuse is an automounting file system implemented in user-space using FUSE.
Afuse currently implements the most basic functionality that can be expected
by an automounter; that is it manages a directory of virtual directories. If
one of these virtual directories is accessed and is not already automounted,
afuse will attempt to mount a filesystem onto that directory. If the mount
succeeds the requested access proceeds as normal, otherwise it will fail
with an error.
%prep
%setup -q
%patch0 -p1 -b .strcpy-buffer-overflow-fix
%build
%configure
@ -35,6 +37,9 @@ make DESTDIR=%{buildroot} install
%{_bindir}/afuse-avahissh
%changelog
* Wed Feb 24 2021 Tom Callaway <spot@fedoraproject.org> - 0.4.1-17
- fix buffer overflow issue with strcpy
* Mon Jan 25 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.1-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild