Your message dated Sat, 05 May 2007 18:02:03 +0000 with message-id <[EMAIL PROTECTED]> and subject line Bug#412141: fixed in fakechroot 2.6-1 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: fakechroot
Version: 2.5-1.1.20070212-6
Severity: important

(Ignore the version, it's my local build with other fixes, the bug is clear from reading the source...)

libfakechroot.c, readlink() implementation, in particular the end-of-buffer handling, can truncate links; coreutils readlink exposes this because it starts out passing in a bufsiz of 128, and it's easy to have a FAKECHROOT_BASE nearly that deep...

The fix I propose is to
1. call next_readlink with FAKECHROOT_MAXPATH-1, not bufsiz
2. check strlen(tmpptr) against bufsiz and return -1 if it won't fit
3. use strncpy so as not to overrun the input buffer
3a. return the length of the input, since the output copy might not have a null at the end.

Following is a rough trace demonstrating the truncation, using readlink from coreutils 5.2.1-2, and note that "readlink x130" gives only 27 characters of the link, instead of 30.

wildcat$ fakeroot fakechroot
wildcat# env | grep FAKE
FAKECHROOT=true
FAKEROOTKEY=1024906132
FAKECHROOT_VERSION=2.5
FAKED_MODE=unknown-is-root
wildcat# mkdir /tmp/56789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
wildcat# echo -n /tmp/56789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789 | wc -c
100
wildcat# export FAKECHROOT_BASE=/tmp/56789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
wildcat# cd /tmp/56789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
wildcat# unset FAKECHROOT_BASE
wildcat# pwd
/
wildcat# cd /
wildcat# ls
afs/ boot/ dev/ home/ lib/ media/ opt/ root/ srv/ tmp/ var/
bin/ cdrom/ etc/ initrd/ lost+found/ mnt/ proc/ sbin/ sys/ usr/ vmlinuz@
wildcat# pwd
/
wildcat# ln -s /tmp/56789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789/123456789 /tmp/56789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789/x110
wildcat# ln -s /tmp/56789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789/1234567890123456789 /tmp/56789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789/x120
wildcat# ln -s /tmp/56789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789/12345678901234567890123456789 /tmp/56789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789/x130
wildcat# readlink /tmp/56789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789/x130
/tmp/56789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789/12345678901234567890123456789
wildcat# readlink /tmp/56789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789/x130 | wc -c
131
wildcat# cd /tmp/56789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
wildcat# export FAKECHROOT_BASE=/tmp/56789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
wildcat# pwd
/tmp/56789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
wildcat# echo *
bin x110 x120 x130
wildcat# readlink x130
/123456789012345678901234567
wildcat# readlink x120
/1234567890123456789
wildcat# readlink x110
/123456789

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.15-mc2
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages fakechroot depends on:
ii libc6 2.3.2.ds1-22sarge4 GNU C Library: Shared libraries an

-- debconf-show failed
--- End Message ---
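
The truncation in the report above and its proposed four-step fix, as an added example that is not fakechroot's code or part of either message. next_readlink_stub, strip_base, MAXPATH and both wrapper names are hypothetical stand-ins; the base path and link target are the ones from the trace.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#define MAXPATH 4096 /* assumed stand-in for FAKECHROOT_MAXPATH */
/* The 100-byte FAKECHROOT_BASE and the 130-byte x130 target from the trace. */
#define BASE "/tmp/56789" "0123456789" "0123456789" "0123456789" \
             "0123456789" "0123456789" "0123456789" "0123456789" \
             "0123456789" "0123456789"
#define TARGET BASE "/12345678901234567890123456789"

/* Hypothetical stub for next_readlink: copies at most bufsiz bytes, no NUL. */
static ssize_t next_readlink_stub(char *buf, size_t bufsiz) {
    size_t n = strlen(TARGET) < bufsiz ? strlen(TARGET) : bufsiz;
    memcpy(buf, TARGET, n);
    return (ssize_t)n;
}

static const char *strip_base(const char *p) {
    return strncmp(p, BASE, strlen(BASE)) == 0 ? p + strlen(BASE) : p;
}

/* Model of the reported behaviour: bufsiz caps the read of the unstripped path. */
ssize_t readlink_truncating(char *buf, size_t bufsiz) {
    char tmp[MAXPATH];
    if (bufsiz > MAXPATH - 1) bufsiz = MAXPATH - 1;
    ssize_t n = next_readlink_stub(tmp, bufsiz);
    tmp[n] = '\0';
    const char *p = strip_base(tmp);
    size_t len = strlen(p);
    memcpy(buf, p, len);          /* tail was already lost in tmp */
    return (ssize_t)len;
}

/* The report's proposal, steps 1 to 3a. */
ssize_t readlink_proposed(char *buf, size_t bufsiz) {
    char tmp[MAXPATH];
    ssize_t n = next_readlink_stub(tmp, MAXPATH - 1); /* 1: full-size read */
    tmp[n] = '\0';
    const char *p = strip_base(tmp);
    size_t len = strlen(p);
    if (len > bufsiz) return -1;  /* 2: stripped link does not fit */
    strncpy(buf, p, bufsiz);      /* 3: never write past bufsiz */
    return (ssize_t)len;          /* 3a: length, since buf may lack a NUL */
}

int main(void) {
    char out[256];
    printf("%zd %zd\n", readlink_truncating(out, 128), readlink_proposed(out, 128));
}
```

With the 128-byte buffer that coreutils readlink starts with, the first wrapper returns the 28-byte "/123456789012345678901234567" seen in the trace, and because that is shorter than 128 the caller has no reason to retry with a larger buffer.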
--- Begin Message ---
Source: fakechroot
Source-Version: 2.6-1

We believe that the bug you reported is fixed in the latest version of fakechroot, which is due to be installed in the Debian FTP archive:

fakechroot_2.6-1.diff.gz
  to pool/main/f/fakechroot/fakechroot_2.6-1.diff.gz
fakechroot_2.6-1.dsc
  to pool/main/f/fakechroot/fakechroot_2.6-1.dsc
fakechroot_2.6-1_i386.deb
  to pool/main/f/fakechroot/fakechroot_2.6-1_i386.deb
fakechroot_2.6.orig.tar.gz
  to pool/main/f/fakechroot/fakechroot_2.6.orig.tar.gz

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Piotr Roszatycki <[EMAIL PROTECTED]> (supplier of updated fakechroot package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 5 May 2007 17:20:28 +0200
Source: fakechroot
Binary: fakechroot
Architecture: source i386
Version: 2.6-1
Distribution: unstable
Urgency: low
Maintainer: Piotr Roszatycki <[EMAIL PROTECTED]>
Changed-By: Piotr Roszatycki <[EMAIL PROTECTED]>
Description:
 fakechroot - gives a fake chroot environment
Closes: 361202 363403 410145 410739 412141 412603 412918
Changes:
 fakechroot (2.6-1) unstable; urgency=low
 .
   * New environment variable FAKECHROOT_EXCLUDE_PATH.
   * Fixed getcwd(3) function. Closes: #410145, #410739.
   * Fixed readlink(2) function. Closes: #412141.
   * Fixed mktemp(3) function. Closes: #412918.
   * The chroot(2) function is now recursive and allows nested chroots.
     Closes: #412603.
   * Updated manpage.
   * Supported 32-bit biarch on ppc64 architecture. Closes: #361202.
   * Fixed typo in package's description. Closes: #363403.
Files:
 f1ff59b59c0cd04bacac28b659a408de 666 utils optional fakechroot_2.6-1.dsc
 1ac07b265890cb3b5379327c3c8b07ab 445712 utils optional fakechroot_2.6.orig.tar.gz
 5d8d1c686cb1f3e387eacd91acbeb291 6280 utils optional fakechroot_2.6-1.diff.gz
 a9779b75bbe89e2a63650d28fd6eed75 25798 utils optional fakechroot_2.6-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGPMLIhMHHe8CxClsRArsJAKDMWduAIQcFCdw0PDvhs9shjkjivACgkpsB
DRB67EXxBFyQsY4mMui9Wrs=
=JaDP
-----END PGP SIGNATURE-----
--- End Message ---

