systemd/fix-potential-bad-mem-access.patch

From ac97e2c559f5d386a332aba4a24bf9930cdb1c51 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 19 Nov 2012 16:36:38 +0100
Subject: [PATCH] core/load-fragment: fix (potential) bad memory access

strncmp() could be used with size bigger then the size of the string,
because MAX was used instead of MIN.

If failing, print just the offending mount flag.
---
 src/core/load-fragment.c |   17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 01f9484..6933e1a 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -1101,15 +1101,22 @@ int config_parse_exec_mount_flags(
         assert(rvalue);
         assert(data);
 
-        FOREACH_WORD_QUOTED(w, l, rvalue, state) {
-                if (strncmp(w, "shared", MAX(l, 6U)) == 0)
+        FOREACH_WORD_SEPARATOR(w, l, rvalue, ", ", state) {
+                char _cleanup_free_ *t;
+
+                t = strndup(w, l);
+                if (!t)
+                        return -ENOMEM;
+
+                if (streq(t, "shared"))
                         flags |= MS_SHARED;
-                else if (strncmp(w, "slave", MAX(l, 5U)) == 0)
+                else if (streq(t, "slave"))
                         flags |= MS_SLAVE;
-                else if (strncmp(w, "private", MAX(l, 7U)) == 0)
+                else if (streq(w, "private"))
                         flags |= MS_PRIVATE;
                 else {
-                        log_error("[%s:%u] Failed to parse mount flags, ignoring: %s", filename, line, rvalue);
+                        log_error("[%s:%u] Failed to parse mount flag %s, ignoring: %s",
+                                  filename, line, t, rvalue);
                         return 0;
                 }
         }
-- 
1.7.10.4
- Add systemctl-options.patch: handle SYSTEMCTL_OPTIONS internaly (bnc#798620). - Update crypt-loop-file.patch to correctly detect crypto loop files (bnc#799514). - Add journalctl-remove-leftover-message.patch: remove debug message in systemctl. - Add job-avoid-recursion-when-cancelling.patch: prevent potential recursion when cancelling a service. - Add sysctl-parse-all-keys.patch: ensure sysctl file is fully parsed. - Add journal-fix-cutoff-max-date.patch: fix computation of cutoff max date for journal. - Add reword-rescue-mode-hints.patch: reword rescue prompt. - Add improve-overflow-checks.patch: improve time overflow checks. - Add fix-swap-behaviour-with-symlinks.patch: fix swap behaviour with symlinks. - Add hostnamectl-fix-set-hostname-with-no-argument.patch: ensure hostnamectl requires an argument when called with set-hostname option. - Add agetty-overrides-term.patch: pass correctly terminal type to agetty. - Add check-for-empty-strings-in-strto-conversions.patch: better check for empty strings in strto* conversions. - Add strv-cleanup-error-path-loops.patch: cleanup strv on error path. - Add cryptsetup-handle-plain.patch: correctly handle "plain" option in cryptsetup. - Add fstab-generator-improve-error-message.patch: improve error message in fstab-generator. - Add delta-accept-t-option.patch: accept -t option in OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=331 2013-01-23 14:44:07 +01:00			`From ac97e2c559f5d386a332aba4a24bf9930cdb1c51 Mon Sep 17 00:00:00 2001`
			`From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>`
			`Date: Mon, 19 Nov 2012 16:36:38 +0100`
			`Subject: [PATCH] core/load-fragment: fix (potential) bad memory access`

			`strncmp() could be used with size bigger then the size of the string,`
			`because MAX was used instead of MIN.`

			`If failing, print just the offending mount flag.`
			`---`
			`src/core/load-fragment.c \| 17 ++++++++++++-----`
			`1 file changed, 12 insertions(+), 5 deletions(-)`

			`diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c`
			`index 01f9484..6933e1a 100644`
			`--- a/src/core/load-fragment.c`
			`+++ b/src/core/load-fragment.c`
			`@@ -1101,15 +1101,22 @@ int config_parse_exec_mount_flags(`
			`assert(rvalue);`
			`assert(data);`

			`- FOREACH_WORD_QUOTED(w, l, rvalue, state) {`
			`- if (strncmp(w, "shared", MAX(l, 6U)) == 0)`
			`+ FOREACH_WORD_SEPARATOR(w, l, rvalue, ", ", state) {`
			`+ char _cleanup_free_ *t;`
			`+`
			`+ t = strndup(w, l);`
			`+ if (!t)`
			`+ return -ENOMEM;`
			`+`
			`+ if (streq(t, "shared"))`
			`flags \|= MS_SHARED;`
			`- else if (strncmp(w, "slave", MAX(l, 5U)) == 0)`
			`+ else if (streq(t, "slave"))`
			`flags \|= MS_SLAVE;`
			`- else if (strncmp(w, "private", MAX(l, 7U)) == 0)`
			`+ else if (streq(w, "private"))`
			`flags \|= MS_PRIVATE;`
			`else {`
			`- log_error("[%s:%u] Failed to parse mount flags, ignoring: %s", filename, line, rvalue);`
			`+ log_error("[%s:%u] Failed to parse mount flag %s, ignoring: %s",`
			`+ filename, line, t, rvalue);`
			`return 0;`
			`}`
			`}`
			`--`
			`1.7.10.4`