Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git;a=commitdiff;h=a91de04a326a7bfee11655b5e103d41dbb94b6a1
commit a91de04a326a7bfee11655b5e103d41dbb94b6a1 Author: Miklos Vajna <[EMAIL PROTECTED]> Date: Sun Jul 20 17:40:12 2008 +0200 afuse-0.2-2-i686 - added CVE-2008-2232.patch - closes #3243 diff --git a/source/network-extra/afuse/CVE-2008-2232.patch b/source/network-extra/afuse/CVE-2008-2232.patch new file mode 100644 index 0000000..460b1d1 --- /dev/null +++ b/source/network-extra/afuse/CVE-2008-2232.patch @@ -0,0 +1,212 @@ +diff -ur afuse-0.2.orig/src/afuse.c afuse-0.2/src/afuse.c +--- afuse-0.2.orig/src/afuse.c 2008-02-18 17:16:32.000000000 -0500 ++++ afuse-0.2/src/afuse.c 2008-07-10 21:50:06.000000000 -0400 +@@ -280,14 +280,19 @@ + } + + +-// !!FIXME!! allow escaping of %'s + // Note: this method strips out quotes and applies them itself as should be appropriate +-char *expand_template(const char *template, const char *mount_point, const char *root_name) ++bool run_template(const char *template, const char *mount_point, const char *root_name) + { + int len = 0; ++ int nargs = 1; + int i; +- char *expanded_name; +- char *expanded_name_start; ++ char *buf; ++ char *p; ++ char **args; ++ char **arg; ++ bool quote = false; ++ pid_t pid; ++ int status; + + // calculate length + for(i = 0; template[i]; i++) +@@ -295,53 +300,100 @@ + switch(template[i + 1]) + { + case 'm': +- len += strlen(mount_point) + 2; ++ len += strlen(mount_point); + i++; + break; + case 'r': +- len += strlen(root_name) + 2; ++ len += strlen(root_name); ++ i++; ++ break; ++ case '%': ++ len++; + i++; + break; + } +- } else if(template[i] != '"') ++ } else if(template[i] == ' ' && !quote) { ++ len++; ++ nargs++; ++ } else if(template[i] == '"') ++ quote = !quote; ++ else if(template[i] == '\\' && template[i + 1]) ++ len++, i++; ++ else + len++; + +- expanded_name_start = expanded_name = my_malloc(len + 1); ++ buf = my_malloc(len + 1); ++ args = my_malloc((nargs + 1) * sizeof(*args)); ++ ++ p = buf; ++ arg = args; ++ *arg++ = p; + + for(i = 0; template[i]; i++) + if(template[i] == '%') { +- int j = 0; + switch(template[i + 1]) + { + case 'm': +- *expanded_name++ = '"'; +- while(mount_point[j]) +- *expanded_name++ = mount_point[j++]; +- *expanded_name++ = '"'; ++ strcpy(p, mount_point); ++ p += strlen(mount_point); + i++; + break; + case 'r': +- *expanded_name++ = '"'; +- while(root_name[j]) +- *expanded_name++ = root_name[j++]; +- *expanded_name++ = '"'; ++ strcpy(p, root_name); ++ p += strlen(root_name); ++ i++; ++ break; ++ case '%': ++ *p++ = '%'; + i++; + break; + } +- } else if(template[i] != '"') +- *expanded_name++ = template[i]; +- +- *expanded_name = '\0'; +- +- return expanded_name_start; ++ } else if(template[i] == ' ' && !quote) { ++ *p++ = '\0'; ++ *arg++ = p; ++ } else if(template[i] == '"') ++ quote = !quote; ++ else if(template[i] == '\\' && template[i + 1]) ++ *p++ = template[++i]; ++ else ++ *p++ = template[i]; ++ ++ *p = '\0'; ++ *arg = NULL; ++ ++ pid = fork(); ++ if(pid == -1) { ++ fprintf(stderr, "Failed to fork (%s)\n", strerror(errno)); ++ free(args); ++ free(buf); ++ return false; ++ } ++ if(pid == 0) { ++ execvp(args[0], args); ++ abort(); ++ } ++ pid = waitpid(pid, &status, 0); ++ if(pid == -1) { ++ fprintf(stderr, "Failed to waitpid (%s)\n", strerror(errno)); ++ free(args); ++ free(buf); ++ return false; ++ } ++ if(!WIFEXITED(status) || WEXITSTATUS(status) != 0) { ++ fprintf(stderr, "Failed to invoke command: %s\n", args[0]); ++ free(args); ++ free(buf); ++ return false; ++ } ++ free(args); ++ free(buf); ++ return true; + } + + mount_list_t *do_mount(const char *root_name) + { + char *mount_point; +- char *mount_command; + mount_list_t *mount; +- int sysret; + + fprintf(stderr, "Mounting: %s\n", root_name); + +@@ -351,57 +403,33 @@ + return NULL; + } + +- mount_command = expand_template(user_options.mount_command_template, +- mount_point, root_name); +- sysret = system(mount_command); +- +- fprintf(stderr, "sysret: %.8x\n", sysret); +- +- if(sysret) { +- fprintf(stderr, "Failed to invoke mount command: '%s' (%s)\n", +- mount_command, sysret != -1 ? +- "Error executing mount" : +- strerror(errno)); +- ++ if(!run_template(user_options.mount_command_template, ++ mount_point, root_name)) { + // remove the now unused directory + if( rmdir(mount_point) == -1 ) + fprintf(stderr, "Failed to remove mount point dir: %s (%s)", + mount_point, strerror(errno)); + +- free(mount_command); + free(mount_point); + return NULL; + } + + mount = add_mount(root_name, mount_point); +- +- free(mount_command); + return mount; + } + + int do_umount(mount_list_t *mount) + { +- char *unmount_command; +- int sysret; +- + fprintf(stderr, "Unmounting: %s\n", mount->root_name); + +- unmount_command = expand_template(user_options.unmount_command_template, +- mount->mount_point, mount->root_name); +- sysret = system(unmount_command); +- if(sysret) { +- fprintf(stderr, "Failed to invoke unmount command: '%s' (%s)\n", +- unmount_command, sysret != -1 ? +- "Error executing mount" : +- strerror(errno)); +- /* Still unmount anyway */ +- } ++ run_template(user_options.unmount_command_template, ++ mount->mount_point, mount->root_name); ++ /* Still unmount anyway */ + + if( rmdir(mount->mount_point) == -1 ) + fprintf(stderr, "Failed to remove mount point dir: %s (%s)", + mount->mount_point, strerror(errno)); + remove_mount(mount); +- free(unmount_command); + return 1; + } + diff --git a/source/network-extra/afuse/FrugalBuild b/source/network-extra/afuse/FrugalBuild index ad0a72e..6421834 100644 --- a/source/network-extra/afuse/FrugalBuild +++ b/source/network-extra/afuse/FrugalBuild @@ -3,12 +3,14 @@ pkgname=afuse pkgver=0.2 -pkgrel=1 +pkgrel=2 pkgdesc="Implements filesystem automounting functionality similar to autofs." Finclude sourceforge depends=('fuse') groups=('network-extra') archs=('i686' 'x86_64') -sha1sums=('c42b1cee671ac4e98c882e33adc0834c4553f24a') +source=($source CVE-2008-2232.patch) +sha1sums=('c42b1cee671ac4e98c882e33adc0834c4553f24a' \ + '68ac6533f55b0c379752c0bbdd4d0f9c8b676866') # optimization OK _______________________________________________ Frugalware-git mailing list Frugalware-git@frugalware.org http://frugalware.org/mailman/listinfo/frugalware-git