Hi Laszlo,

Please find the attached dpatch to prevent CVE-2015-3202 in squeeze. It
makes lib/mount_util.c use execle instead of execl to run external
helpers.

Please let me know whether you want me to upload a patched package or
would prefer to do it yourself.

Cheers,

Santiago
#! /bin/sh /usr/share/dpatch/dpatch-run
## 004-CVE-2015-3202.dpatch by  <santiag...@riseup.net>
##
## DP: Fixes CVE-2015-3202.
## DP: Backported from fuse_2.9.0-2+deb7u2

@DPATCH@
diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' 
'--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' 
fuse-2.8.4~/lib/mount_util.c fuse-2.8.4/lib/mount_util.c
--- fuse-2.8.4~/lib/mount_util.c        2010-03-08 16:18:43.000000000 +0100
+++ fuse-2.8.4/lib/mount_util.c 2015-05-26 18:15:10.571012189 +0200
@@ -78,6 +78,7 @@
        if (res == 0) {
                char templ[] = "/tmp/fusermountXXXXXX";
                char *tmp;
+        char *env = NULL;
 
                sigprocmask(SIG_SETMASK, &oldmask, NULL);
                setuid(geteuid());
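Review bot: The added `char *env = NULL;` is indented with eight spaces while the neighbouring `char *tmp;` sits one level deeper, so the declaration reads as if it belonged to the outer scope. The same mismatch shows on the continuation line of the first `execle` call and on `if (lazy) {` in the umount hunk. The mail archive may have altered tabs, so confirm against the attached file; if the patch really mixes spaces into a tab-indented file, re-indent these three lines to match their neighbours. The enclosing `if (res == 0)` block continues outside this hunk.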
@@ -99,8 +100,8 @@
                        exit(1);
                }
                rmdir(tmp);
-               execl("/bin/mount", "/bin/mount", "-i", "-f", "-t", type,
-                     "-o", opts, fsname, mnt, NULL);
+               execle("/bin/mount", "/bin/mount", "-i", "-f", "-t", type,
+                "-o", opts, fsname, mnt, NULL, &env);
                fprintf(stderr, "%s: failed to execute /bin/mount: %s\n",
                        progname, strerror(errno));
                exit(1);
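Review bot: Nothing at this `execle` call says why the last argument is `&env`, so a later cleanup could turn it back into `execl` and silently restore the inherited environment. Add a comment above the call such as `/* run the helper with an empty environment: after setuid(geteuid()) nothing from the caller's environment may reach it */`; the same comment fits the other two `execle` sites in the following hunks. It would also help to note next to the declaration that `&env` is a valid `envp` only because `env` is NULL, which makes it a one-element, NULL-terminated vector. The enclosing block starts and ends outside the hunk.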
@@ -148,10 +149,12 @@
                dup2(fd, 1);
                dup2(fd, 2);
 
+               char *env = NULL;
+
                sigprocmask(SIG_SETMASK, &oldmask, NULL);
                setuid(geteuid());
-               execl("/bin/mount", "/bin/mount", "--no-canonicalize", "-i",
-                     "-f", "-t", type, "-o", opts, fsname, mnt, NULL);
+               execle("/bin/mount", "/bin/mount", "--no-canonicalize", "-i",
+                     "-f", "-t", type, "-o", opts, fsname, mnt, NULL, &env);
                fprintf(stderr, "%s: failed to execute /bin/mount: %s\n",
                        progname, strerror(errno));
                exit(1);
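Review bot: `char *env = NULL;` is declared after the `dup2` calls here, whereas the other two hunks place it at the top of the child block. A declaration after statements is not valid C89 and is reported by `-Wdeclaration-after-statement`, which matters if this tree is built in that mode (the patch does not show the build flags). Moving the declaration to the head of the enclosing block keeps the three sites uniform. The block's opening lies outside the hunk, so the exact position has to be checked against the full file.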
@@ -205,10 +208,17 @@
                goto out_restore;
        }
        if (res == 0) {
+               char *env = NULL;
+
                sigprocmask(SIG_SETMASK, &oldmask, NULL);
                setuid(geteuid());
-               execl("/bin/umount", "/bin/umount", "-i", rel_mnt,
-                     lazy ? "-l" : NULL, NULL);
+        if (lazy) {
+                       execle("/bin/umount", "/bin/umount", "-i", rel_mnt,
+                              "-l", NULL, &env);
+               } else {
+                       execle("/bin/umount", "/bin/umount", "-i", rel_mnt,
+                              NULL, &env);
+               }
                fprintf(stderr, "%s: failed to execute /bin/umount: %s\n",
                        progname, strerror(errno));
                exit(1);
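Review bot: The two `execle` calls differ only in the `"-l"` argument, so any later change to the umount options or to the environment handling has to be made twice and the branches can drift apart. The split is needed with `execle`, because a conditional NULL in the middle of the list would end the arguments early and shift what is read as `envp`. Building the argument vector once and calling `execve` keeps a single exec site with the same empty environment. If the duplicated form is kept, a short comment saying why the old `lazy ? "-l" : NULL` could not be retained would help. The enclosing function starts outside the hunk.

```c
		char *env = NULL;
		const char *argv[5];
		int argc = 0;

		/* same argument order as before: -i, mount point, optional -l */
		argv[argc++] = "/bin/umount";
		argv[argc++] = "-i";
		argv[argc++] = rel_mnt;
		if (lazy)
			argv[argc++] = "-l";
		argv[argc] = NULL;

		/* … unchanged: sigprocmask and setuid calls … */
		/* empty environment: nothing inherited from the caller */
		execve("/bin/umount", (char *const *) argv, &env);
		/* … unchanged: error report and exit(1) … */
```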

Attachment: signature.asc
Description: Digital signature
