Bug#993373: Use-after-free bug in realpath()

2021-09-03 Thread Madie K. Mckeel
Dear Antonin Thanks for your reply. On Tuesday, August 31, 2021 4:04 PM, Antonin Décimo wrote: > Last year I wrote a lot of patches for pmount, amongst which two > remove the bundled implementation of realpath and switch to the > "modern" interface > > char *realpath(const char *restrict path

Bug#993373: [PATCH 1/2] Populate with dummy test data

2021-08-31 Thread Madie K. Mckeel
This is derived (and slightly expanded) from the old-upstream revision 144. --- tests/check_fstab/a | 1 + tests/check_fstab/b | 1 + tests/check_fstab/c | 1 + tests/check_fstab/d | 1 + tests/check_fstab/e | 1 + 5 files changed, 5 insertions(+) create mode 100644 tests/check_fstab/a create m

Bug#993373: Subject: [PATCH 2/2] Fix use-after-free bug in realpath()

2021-08-31 Thread Madie K. Mckeel
The memory provided by `buf` is still referenced by `path` and used after the free call. Delay the freeing until after using it. --- src/realpath.c | 12 ++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/realpath.c b/src/realpath.c index 1cf7eaf..9133605 100644 --- a/

Bug#993373: Use-after-free bug in realpath()

2021-08-31 Thread Madie K. Mckeel
Package: pmount Version: 0.9.23-6 Tags: patch Dear Debian maintainers I stumbled over a use-after-free bug in pmount. It's in its realpath implementation when dealing with stacked symlinks, i.e. symlinks pointing to symlinks. (Ironically, pmount "switched to a [self-made] implementation of re