Package: fakechroot
Version: 2.5-1.1.20070212-6
Severity: important

(Ignore the version, it's my local build with other fixes, the bug is clear from reading the source...)

libfakechroot.c, readlink() implementation, in particular the end-of-buffer handling, can truncate links; coreutils readlink exposes this because it starts out passing in a bufsiz of 128, and it's easy to have a FAKECHROOT_BASE nearly that deep...

The fix I propose is to

1. call next_readlink with FAKECHROOT_MAXPATH-1, not bufsiz
2. check strlen(tmpptr) against bufsiz and return -1 if it won't fit
3. use strncpy so as not to overrun the input buffer
3a. return the length of the input, since the output copy might not have a null at the end.

Following is a rough trace demonstrating the truncation, using readlink from coreutils 5.2.1-2, and note that "readlink x130" gives only 27 characters of the link, instead of 30.

wildcat$ fakeroot fakechroot
wildcat# env | grep FAKE
FAKECHROOT=true
FAKEROOTKEY=1024906132
FAKECHROOT_VERSION=2.5
FAKED_MODE=unknown-is-root
wildcat# mkdir /tmp/56789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
wildcat# echo -n /tmp/56789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789 | wc -c
100
wildcat# export FAKECHROOT_BASE=/tmp/56789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
wildcat# cd /tmp/56789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
wildcat# unset FAKECHROOT_BASE
wildcat# pwd
/
wildcat# cd /
wildcat# ls
afs/ boot/ dev/ home/ lib/ media/ opt/ root/ srv/ tmp/ var/
bin/ cdrom/ etc/ initrd/ lost+found/ mnt/ proc/ sbin/ sys/ usr/ vmlinuz@
wildcat# pwd
/
wildcat# ln -s /tmp/56789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789/123456789 /tmp/56789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789/x110
wildcat# ln -s /tmp/56789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789/1234567890123456789 /tmp/56789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789/x120
wildcat# ln -s /tmp/56789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789/12345678901234567890123456789 /tmp/56789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789/x130
wildcat# readlink /tmp/56789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789/x130
/tmp/56789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789/12345678901234567890123456789
wildcat# readlink /tmp/56789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789/x130 | wc -c
131
wildcat# cd /tmp/56789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
wildcat# export FAKECHROOT_BASE=/tmp/56789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
wildcat# pwd
/tmp/56789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
wildcat# echo *
bin x110 x120 x130
wildcat# readlink x130
/123456789012345678901234567
wildcat# readlink x120
/1234567890123456789
wildcat# readlink x110
/123456789

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.15-mc2
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages fakechroot depends on:
ii libc6 2.3.2.ds1-22sarge4 GNU C Library: Shared libraries an

-- debconf-show failed
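
The truncation from the trace next to the fix proposed in steps 1 to 3a, as an added example that is neither fakechroot's source nor the reporter's patch. Assumptions: next_readlink here is a constructed stand-in with readlink(2) semantics, and the FAKECHROOT_MAXPATH value, the ERANGE errno and the function names readlink_truncating, readlink_proposed, read_stripped and demo_x130 are hypothetical.

```c
#include <errno.h>
#include <string.h>
#include <sys/types.h>
#define D "0123456789"
#define BASE "/tmp/56789" D D D D D D D D D   /* the 100-byte FAKECHROOT_BASE from the trace */
#define FAKECHROOT_MAXPATH 4096               /* assumed size; the report names only the macro */
static const char *link_target = "";          /* constructed: raw target stored in the symlink */

/* Stand-in for next_readlink(): readlink(2) rules, at most bufsiz bytes, no NUL. */
static ssize_t next_readlink(const char *path, char *buf, size_t bufsiz) {
    size_t n = strlen(link_target);
    (void)path;
    if (n > bufsiz) n = bufsiz;
    memcpy(buf, link_target, n);
    return (ssize_t)n;
}

/* Read up to readsz raw bytes, NUL-terminate, then skip the base prefix if present. */
static const char *read_stripped(const char *path, char *tmp, size_t readsz, const char *base) {
    ssize_t n = next_readlink(path, tmp, readsz);
    if (n < 0) return NULL;
    tmp[n] = '\0';
    return strncmp(tmp, base, strlen(base)) == 0 ? tmp + strlen(base) : tmp;
}

/* Reported behaviour: the caller's bufsiz caps the read of the unstripped target. */
ssize_t readlink_truncating(const char *path, char *buf, size_t bufsiz, const char *base) {
    char tmp[FAKECHROOT_MAXPATH];
    const char *p = read_stripped(path, tmp, bufsiz < sizeof tmp ? bufsiz : sizeof tmp - 1, base);
    if (!p) return -1;
    memcpy(buf, p, strlen(p));               /* fits: strlen(p) <= bytes read <= bufsiz */
    return (ssize_t)strlen(p);
}

/* Steps 1 to 3a of the proposal; ERANGE is this example's choice of errno. */
ssize_t readlink_proposed(const char *path, char *buf, size_t bufsiz, const char *base) {
    char tmp[FAKECHROOT_MAXPATH];
    const char *p = read_stripped(path, tmp, FAKECHROOT_MAXPATH - 1, base);   /* step 1 */
    if (!p) return -1;
    if (strlen(p) > bufsiz) { errno = ERANGE; return -1; }                    /* step 2 */
    strncpy(buf, p, bufsiz);                                                  /* step 3 */
    return (ssize_t)strlen(p);                                                /* step 3a */
}

/* Replays "readlink x130" from the trace: 130-byte raw target, caller bufsiz 128. */
ssize_t demo_x130(int proposed, char out[128]) {
    link_target = BASE "/12345678901234567890123456789";
    return (proposed ? readlink_proposed : readlink_truncating)("x130", out, 128, BASE);
}
```

The truncating variant returns fewer bytes than bufsiz, which under readlink(2) semantics is indistinguishable from a complete read, so the caller has no signal to retry with a larger buffer.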