Package: release.debian.org
Version: 5.3.3-1
Severity: normal
Tags: bullseye
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: rwpen...@users.sourceforge.net
Control: affects -1 + src:cryptmount

[ Reason ]
When cryptmount is passed invalid command-line arguments, it is likely to crash with a SEGV error due to inappropriately zeroed memory passed to getopt_long().

[ Impact ]
The absence of error-messages when invalid command-line arguments are supplied affects usability. The use of uninitialized memory with a setuid binary is, potentially, a security risk.

[ Tests ]
The fix involves a single-line change to replace a call to malloc() with one to calloc(). This has been tested manually on invalid command-line arguments, and the upstream "mudslinger" test-suite has been used for regression tests across a wide range of usage scenarios.

[ Risks ]
The proposed change has very little risk of side-effects.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in bullseye
  [x] the issue is verified as fixed in unstable

[ Changes ]
A call to malloc() prior to using getopt_long() has been replaced by a similar call to calloc().

diff -Nru cryptmount-5.3.3/debian/changelog cryptmount-5.3.3/debian/changelog --- cryptmount-5.3.3/debian/changelog 2021-01-01 14:34:20.000000000 +0000 +++ cryptmount-5.3.3/debian/changelog 2023-07-20 11:30:00.000000000 +0100 @@ -1,3 +1,12 @@ +cryptmount (5.3.3-1+deb11u1) bullseye; urgency=low + + * Fix for memory-initialization in command-line parser (bug#1038384) + - one-line change to source-code, replacing malloc() with calloc() + - reduces risk of SEGV crashes when handling unrecognized + command-line options + + -- RW Penney <rwpen...@users.sourceforge.net> Sun, 20 Jul 2023 10:30:00 +0000 + cryptmount (5.3.3-1) unstable; urgency=low * New upstream release diff -Nru cryptmount-5.3.3/debian/patches/docfiles-pathnames.patch cryptmount-5.3.3/debian/patches/docfiles-pathnames.patch --- cryptmount-5.3.3/debian/patches/docfiles-pathnames.patch 2021-01-01 15:19:51.000000000 +0000 +++ cryptmount-5.3.3/debian/patches/docfiles-pathnames.patch 2023-07-20 11:30:00.000000000 +0100 @@ -1,4 +1,7 @@ -Correct installation pathnames in documentation +Description: Correct installation pathnames in documentation + Some documentation files not installed except in Debian packaging +Author: RW Penney <rwpen...@users.sourceforge.net> +Forwarded: not-needed --- a/README +++ b/README @@ -64,7 +64,7 @@ diff -Nru cryptmount-5.3.3/debian/patches/getopt-initialization.patch cryptmount-5.3.3/debian/patches/getopt-initialization.patch --- cryptmount-5.3.3/debian/patches/getopt-initialization.patch 1970-01-01 01:00:00.000000000 +0100 +++ cryptmount-5.3.3/debian/patches/getopt-initialization.patch 2023-07-01 08:05:21.000000000 +0100 
@@ -0,0 +1,14 @@ +Description: Fix memory initialization error in command-line parser +Author: RW Penney <rwpen...@users.sourceforge.net> +Forwarded: not-needed +--- a/cryptmount.c ++++ b/cryptmount.c +@@ -1372,7 +1372,7 @@ + #ifdef _GNU_SOURCE + struct option *longopts; + +- longopts = (struct option*)malloc((n_options + 1) * sizeof(struct option)); ++ longopts = (struct option*)calloc(n_options + 1, sizeof(struct option)); + for (i=0; i<n_options; ++i) { + longopts[i].name = opt_table[i].longopt; + longopts[i].has_arg = ((opt_table[i].flags & NEEDS_ARG) diff -Nru cryptmount-5.3.3/debian/patches/series cryptmount-5.3.3/debian/patches/series --- cryptmount-5.3.3/debian/patches/series 2021-01-01 15:19:50.000000000 +0000 +++ cryptmount-5.3.3/debian/patches/series 2023-07-20 11:30:00.000000000 +0100 @@ -1,4 +1,5 @@ docfiles-pathnames.patch +getopt-initialization.patch systemd-paths.patch install-example-cmtab.patch init.d-script.patch
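
Review bot: in the cryptmount.c hunk of getopt-initialization.patch, the pointer returned by calloc() is written through on the very next lines (longopts[i].name = ...) with no NULL check visible in the context; for a setuid binary, test the result and fail cleanly before the for loop. A short comment saying that the zero fill supplies the all-zero terminating entry at longopts[n_options], which getopt_long() requires, would also stop a later cleanup from reverting to malloc(). The (struct option*) cast is not needed in C and can be dropped.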
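
Review bot: in the debian/changelog hunk, the trailer line reads "Sun, 20 Jul 2023", but 20 July 2023 was a Thursday; correct the day name so that the date is consistent. The entry also describes only the malloc()/calloc() change, while the debdiff additionally rewrites the header of debian/patches/docfiles-pathnames.patch (Description, Author, Forwarded); add a line for that, since the checklist states that all changes are documented in d/changelog.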
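
The failure described under [ Reason ], as an added example that is not part of the original report or of cryptmount's source: getopt_long() requires the last element of its option array to be filled with zeros, and an unrecognized option makes it search the array up to that terminator. The struct opt_entry layout, the three option names, the NEEDS_ARG value and the functions build_longopts() and count_bad_options() are assumptions made for illustration; only longopts, opt_table, n_options and NEEDS_ARG are names taken from the patch.

```c
#include <getopt.h>
#include <stdlib.h>
#define NEEDS_ARG 0x01   /* flag name from the patch; value assumed */
/* Hypothetical stand-in for cryptmount's opt_table (layout and entries assumed). */
struct opt_entry { char shortopt; const char *longopt; unsigned flags; };
static const struct opt_entry opt_table[] = {
    { 'm', "mount",   NEEDS_ARG },
    { 'u', "unmount", NEEDS_ARG },
    { 'l', "list",    0 },
};
static const size_t n_options = sizeof(opt_table) / sizeof(opt_table[0]);

/* Build the getopt_long() table. calloc() zeroes all n_options + 1 entries,
 * so the unfilled last entry is the all-zero terminator getopt_long() needs. */
static struct option *build_longopts(void)
{
    struct option *longopts = calloc(n_options + 1, sizeof(struct option));
    size_t i;
    if (longopts == NULL)
        return NULL;
    for (i = 0; i < n_options; ++i) {
        longopts[i].name = opt_table[i].longopt;
        longopts[i].has_arg = (opt_table[i].flags & NEEDS_ARG)
                                  ? required_argument : no_argument;
        longopts[i].val = opt_table[i].shortopt;
    }
    return longopts;
}

/* Count unrecognized options in argv; -1 if the table cannot be allocated. */
int count_bad_options(int argc, char **argv)
{
    struct option *longopts = build_longopts();
    int c, bad = 0;
    if (longopts == NULL)
        return -1;
    optind = 0;   /* glibc: 0 forces re-initialization between scans */
    opterr = 0;   /* suppress getopt's own message; the caller reports */
    while ((c = getopt_long(argc, argv, "m:u:l", longopts, NULL)) != -1)
        if (c == '?')
            ++bad;
    free(longopts);
    return bad;
}

int main(int argc, char **argv)
{
    /* Non-zero exit status on bad options or allocation failure. */
    return count_bad_options(argc, argv) != 0;
}
```

With malloc() in place of calloc() in build_longopts(), the terminating entry holds indeterminate bytes, and an argument such as `--bogus` sends the name search past the end of the table.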