-rw-r--r--debian/patches/0001-ftpfs-fix-error-handling-in-refresh_dir.patch46
-rw-r--r--debian/patches/0002-libshouldbeinlibc-fix-dead-initialization-in-fmt_nam.patch30
-rw-r--r--debian/patches/0003-trans-fakeroot-fix-error-handling.patch29
-rw-r--r--debian/patches/0004-libports-avoid-realloc-3-corner-case.patch34
-rw-r--r--debian/patches/0005-libdiskfs-add-permission-check-to-file_chflags.patch59
-rw-r--r--debian/patches/series5
6 files changed, 203 insertions, 0 deletions
diff --git a/debian/patches/0001-ftpfs-fix-error-handling-in-refresh_dir.patch b/debian/patches/0001-ftpfs-fix-error-handling-in-refresh_dir.patch
new file mode 100644
index 00000000..086f5c3a
--- /dev/null
+++ b/debian/patches/0001-ftpfs-fix-error-handling-in-refresh_dir.patch
@@ -0,0 +1,46 @@
+From 94e684b35dd5455e1cb4ac5e5f2aab2df0ebb2db Mon Sep 17 00:00:00 2001
+From: Justus Winter <4winter@informatik.uni-hamburg.de>
+Date: Wed, 20 Nov 2013 11:58:41 +0100
+Subject: [PATCH 1/5] ftpfs: fix error handling in refresh_dir
+
+Found using the Clang Static Analyzer.
+
+* ftpfs/dir.c (refresh_dir): Fix error handling.
+---
+ ftpfs/dir.c | 20 ++++++++++++--------
+ 1 file changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/ftpfs/dir.c b/ftpfs/dir.c
+index da5ddbe..a9fea22 100644
+--- a/ftpfs/dir.c
++++ b/ftpfs/dir.c
+@@ -384,14 +384,18 @@ refresh_dir (struct ftpfs_dir *dir, int update_stats, time_t timestamp,
+ if (! err)
+ err = update_ordered_name ("..", &dfs);
+
+- /* Refetch the directory from the server. */
+- if (update_stats)
+- /* Fetch both names and stat info. */
+- err = ftp_conn_get_stats (conn, dir->rmt_path, 1,
+- update_ordered_entry, &dfs);
+- else
+- /* Just fetch names. */
+- err = ftp_conn_get_names (conn, dir->rmt_path, update_ordered_name, &dfs);
++ if (! err)
++ {
++ /* Refetch the directory from the server. */
++ if (update_stats)
++ /* Fetch both names and stat info. */
++ err = ftp_conn_get_stats (conn, dir->rmt_path, 1,
++ update_ordered_entry, &dfs);
++ else
++ /* Just fetch names. */
++ err = ftp_conn_get_names (conn, dir->rmt_path,
++ update_ordered_name, &dfs);
++ }
+
+ if (! err)
+ /* GC any directory entries that weren't seen this time. */
+--
+2.0.0
+
diff --git a/debian/patches/0002-libshouldbeinlibc-fix-dead-initialization-in-fmt_nam.patch b/debian/patches/0002-libshouldbeinlibc-fix-dead-initialization-in-fmt_nam.patch
new file mode 100644
index 00000000..dbabc031
--- /dev/null
+++ b/debian/patches/0002-libshouldbeinlibc-fix-dead-initialization-in-fmt_nam.patch
@@ -0,0 +1,30 @@
+From 3bef76f4db1d08ec1ee46d0c8d245523cf5feebb Mon Sep 17 00:00:00 2001
+From: Justus Winter <4winter@informatik.uni-hamburg.de>
+Date: Wed, 20 Nov 2013 12:17:03 +0100
+Subject: [PATCH 2/5] libshouldbeinlibc: fix dead initialization in
+ fmt_named_interval
+
+Found using the Clang Static Analyzer.
+
+* libshouldbeinlibc/timefmt.c (fmt_named_interval): Fix dead
+initialization.
+---
+ libshouldbeinlibc/timefmt.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libshouldbeinlibc/timefmt.c b/libshouldbeinlibc/timefmt.c
+index a28f58b..cef72e0 100644
+--- a/libshouldbeinlibc/timefmt.c
++++ b/libshouldbeinlibc/timefmt.c
+@@ -105,7 +105,7 @@ fmt_named_interval (struct timeval *tv, size_t width,
+ {{0, 1}, {0, 1}, {0, 0}, {" microsecond", "us", 0 }},
+ {{0, 0} }
+ };
+- struct tscale *ts = time_scales;
++ struct tscale *ts;
+
+ if (width <= 0 || width >= buf_len)
+ width = buf_len - 1;
+--
+2.0.0
+
diff --git a/debian/patches/0003-trans-fakeroot-fix-error-handling.patch b/debian/patches/0003-trans-fakeroot-fix-error-handling.patch
new file mode 100644
index 00000000..2a6bae94
--- /dev/null
+++ b/debian/patches/0003-trans-fakeroot-fix-error-handling.patch
@@ -0,0 +1,29 @@
+From 8c769b20fdc47d3e943806abe5aa5fe2b517a092 Mon Sep 17 00:00:00 2001
+From: Justus Winter <4winter@informatik.uni-hamburg.de>
+Date: Mon, 16 Jun 2014 16:50:12 +0200
+Subject: [PATCH 3/5] trans/fakeroot: fix error handling
+
+Found using the Clang Static Analyzer.
+
+* trans/fakeroot.c (new_node): Do not leak a pointer to freed memory.
+Store NULL at *np instead. This fixes a node use-after-free in
+netfs_S_dir_lookup.
+---
+ trans/fakeroot.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/trans/fakeroot.c b/trans/fakeroot.c
+index 32a34ec..df2de64 100644
+--- a/trans/fakeroot.c
++++ b/trans/fakeroot.c
+@@ -119,6 +119,7 @@ new_node (file_t file, mach_port_t idport, int locked, int openmodes,
+ mach_port_deallocate (mach_task_self (), nn->idport);
+ mach_port_deallocate (mach_task_self (), file);
+ free (*np);
++ *np = NULL;
+ return err;
+ }
+
+--
+2.0.0
+
diff --git a/debian/patches/0004-libports-avoid-realloc-3-corner-case.patch b/debian/patches/0004-libports-avoid-realloc-3-corner-case.patch
new file mode 100644
index 00000000..7af7f42b
--- /dev/null
+++ b/debian/patches/0004-libports-avoid-realloc-3-corner-case.patch
@@ -0,0 +1,34 @@
+From 430cd222921336dc9e06170c2e4a2e7024a8cadb Mon Sep 17 00:00:00 2001
+From: Justus Winter <4winter@informatik.uni-hamburg.de>
+Date: Mon, 16 Jun 2014 17:34:22 +0200
+Subject: [PATCH 4/5] libports: avoid realloc(3) corner case
+
+If the size argument is 0, realloc may either return NULL, or return a
+pointer that is only valid for use with free(3). In either case, the
+memory is freed. So if realloc would return NULL (it does not on
+GNU), the current code would double free p.
+
+Found using the Clang Static Analyzer.
+
+* libports/bucket-iterate.c (_ports_bucket_class_iterate): Avoid
+calling realloc if no ports were matched.
+---
+ libports/bucket-iterate.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libports/bucket-iterate.c b/libports/bucket-iterate.c
+index babc204..2d1b00d 100644
+--- a/libports/bucket-iterate.c
++++ b/libports/bucket-iterate.c
+@@ -65,7 +65,7 @@ _ports_bucket_class_iterate (struct port_bucket *bucket,
+ }
+ pthread_mutex_unlock (&_ports_lock);
+
+- if (n != nr_items)
++ if (n != 0 && n != nr_items)
+ {
+ /* We allocated too much. Release unused memory. */
+ void **new = realloc (p, n * sizeof *p);
+--
+2.0.0
+
diff --git a/debian/patches/0005-libdiskfs-add-permission-check-to-file_chflags.patch b/debian/patches/0005-libdiskfs-add-permission-check-to-file_chflags.patch
new file mode 100644
index 00000000..44140fc2
--- /dev/null
+++ b/debian/patches/0005-libdiskfs-add-permission-check-to-file_chflags.patch
@@ -0,0 +1,59 @@
+From 3ea1eb1af128d1a20949983d212ef529becc6a77 Mon Sep 17 00:00:00 2001
+From: Justus Winter <4winter@informatik.uni-hamburg.de>
+Date: Tue, 10 Jun 2014 14:22:31 +0200
+Subject: [PATCH 5/5] libdiskfs: add permission check to file_chflags
+
+Only root is allowed to change the high 16 bits. The TODO entry says
+otherwise, but that must be a mistake. For reference, see the glibc
+sources, sysdeps/mach/hurd/bits/stat.h.
+
+* libdiskfs/file-chflags.c (diskfs_S_file_chflags): Add permission
+check.
+* TODO (libdiskfs): Remove entry.
+---
+ TODO | 2 --
+ libdiskfs/file-chflags.c | 8 ++++++++
+ 2 files changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/TODO b/TODO
+index d2500dc..0387e9f 100644
+--- a/TODO
++++ b/TODO
+@@ -108,8 +108,6 @@ See `tasks', the exported task list.
+ Rename the rest to libhurdutil or somesuch.
+
+ ** libdiskfs
+-*** file_chflags does not do proper permission checking (non-root isn't
+- supposed to be able to change the low bits)
+ *** Add the short-circuited-but-not-builtin translator startup code from
+ dir-lookup to fsys_getroot. Compare and match carefully these two
+ routines and then share common code.
+diff --git a/libdiskfs/file-chflags.c b/libdiskfs/file-chflags.c
+index 01dc495..a29ff07 100644
+--- a/libdiskfs/file-chflags.c
++++ b/libdiskfs/file-chflags.c
+@@ -23,8 +23,15 @@ kern_return_t
+ diskfs_S_file_chflags (struct protid *cred,
+ int flags)
+ {
++#define HI(X) ((X) & 0xffff0000u)
+ CHANGE_NODE_FIELD (cred,
+ ({
++ /* Only root is allowed to change the high 16
++ bits. */
++ if ((HI (flags) != HI (np->dn_stat.st_flags))
++ && ! idvec_contains (cred->user->uids, 0))
++ return EPERM;
++
+ err = fshelp_isowner (&np->dn_stat, cred->user);
+ if (!err)
+ err = diskfs_validate_flags_change (np, flags);
+@@ -37,4 +44,5 @@ diskfs_S_file_chflags (struct protid *cred,
+ diskfs_notice_filechange(np, FILE_CHANGED_META,
+ 0, 0);
+ }));
++#undef HI
+ }
+--
+2.0.0
+
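Review bot: The added `return EPERM;` executes inside the statement expression that CHANGE_NODE_FIELD wraps, and a bare return from there bypasses whatever the macro does after the operation; CHANGE_NODE_FIELD's definition is outside this hunk, but the code around it binds `np` and `err` for the macro, which suggests it also takes the node lock and returns `err` itself, so this early return would most likely leave `np->lock` held and the translator wedged on the next access to that node. Reporting the failure through the macro's own error variable avoids that: `err = EPERM;` in place of the return, followed by `if (! err)` before `err = fshelp_isowner (&np->dn_stat, cred->user);` so the ownership and flag-validation steps are skipped on the permission failure. This is the only hunk among the five patches that introduces a control-flow exit inside a macro operand; the enclosing diskfs_S_file_chflags body continues past the hunk, and HI is defined at the top of the function and undefined after the macro, so the expanded form keeps the macro scope intact.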
diff --git a/debian/patches/series b/debian/patches/series
index a7efa410..ccef28f8 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -45,3 +45,8 @@ fix-net_rcv_msg.patch
#pp.patch
#pp-dde.patch
#pp-random.patch
+0001-ftpfs-fix-error-handling-in-refresh_dir.patch
+0002-libshouldbeinlibc-fix-dead-initialization-in-fmt_nam.patch
+0003-trans-fakeroot-fix-error-handling.patch
+0004-libports-avoid-realloc-3-corner-case.patch
+0005-libdiskfs-add-permission-check-to-file_chflags.patch