gnu/packages/patches/fuse-CVE-2015-3202.patch

   1 The following patch was copied from Debian.
   2
   3 Description: Fix CVE-2015-3202
   4  Missing scrubbing of the environment before executing a mount or umount
   5  of a filesystem.
   6 Origin: upstream
   7 Author: Miklos Szeredi <miklos@szeredi.hu>
   8 Last-Update: 2015-05-19
   9
  10 ---
  11  lib/mount_util.c |   23 +++++++++++++++++------
  12  1 file changed, 17 insertions(+), 6 deletions(-)
  13
  14 --- a/lib/mount_util.c
  15 +++ b/lib/mount_util.c
  16 @@ -95,10 +95,12 @@ static int add_mount(const char *prognam
  17                 goto out_restore;
  18         }
  19         if (res == 0) {
  20 +               char *env = NULL;
  21 +
  22                 sigprocmask(SIG_SETMASK, &oldmask, NULL);
  23                 setuid(geteuid());
  24 -               execl("/bin/mount", "/bin/mount", "--no-canonicalize", "-i",
  25 -                     "-f", "-t", type, "-o", opts, fsname, mnt, NULL);
  26 +               execle("/bin/mount", "/bin/mount", "--no-canonicalize", "-i",
  27 +                      "-f", "-t", type, "-o", opts, fsname, mnt, NULL, &env);
  28                 fprintf(stderr, "%s: failed to execute /bin/mount: %s\n",
  29                         progname, strerror(errno));
  30                 exit(1);
  31 @@ -146,10 +148,17 @@ static int exec_umount(const char *progn
  32                 goto out_restore;
  33         }
  34         if (res == 0) {
  35 +               char *env = NULL;
  36 +
  37                 sigprocmask(SIG_SETMASK, &oldmask, NULL);
  38                 setuid(geteuid());
  39 -               execl("/bin/umount", "/bin/umount", "-i", rel_mnt,
  40 -                     lazy ? "-l" : NULL, NULL);
  41 +               if (lazy) {
  42 +                       execle("/bin/umount", "/bin/umount", "-i", rel_mnt,
  43 +                              "-l", NULL, &env);
  44 +               } else {
  45 +                       execle("/bin/umount", "/bin/umount", "-i", rel_mnt,
  46 +                              NULL, &env);
  47 +               }
  48                 fprintf(stderr, "%s: failed to execute /bin/umount: %s\n",
  49                         progname, strerror(errno));
  50                 exit(1);
  51 @@ -205,10 +214,12 @@ static int remove_mount(const char *prog
  52                 goto out_restore;
  53         }
  54         if (res == 0) {
  55 +               char *env = NULL;
  56 +
  57                 sigprocmask(SIG_SETMASK, &oldmask, NULL);
  58                 setuid(geteuid());
  59 -               execl("/bin/umount", "/bin/umount", "--no-canonicalize", "-i",
  60 -                     "--fake", mnt, NULL);
  61 +               execle("/bin/umount", "/bin/umount", "--no-canonicalize", "-i",
  62 +                      "--fake", mnt, NULL, &env);
  63                 fprintf(stderr, "%s: failed to execute /bin/umount: %s\n",
  64                         progname, strerror(errno));
  65                 exit(1);