From 52454db779c93e12bcc6b59858d0f0375a2b4308 Mon Sep 17 00:00:00 2001 From: Luk Claes Date: Wed, 8 Jun 2011 20:32:35 +0200 Subject: [PATCH] Use upstream's patch instead Signed-off-by: Luk Claes --- .../patches/21-anticipate-RLIMIT_FSIZE.patch | 60 +++++++++++++++---- 1 file changed, 49 insertions(+), 11 deletions(-) diff --git a/debian/patches/21-anticipate-RLIMIT_FSIZE.patch b/debian/patches/21-anticipate-RLIMIT_FSIZE.patch index d2201d5..cdd3767 100644 --- a/debian/patches/21-anticipate-RLIMIT_FSIZE.patch +++ b/debian/patches/21-anticipate-RLIMIT_FSIZE.patch @@ -1,17 +1,55 @@ -Index: nfs-utils/support/nfs/nfs_mntent.c -=================================================================== ---- nfs-utils.orig/support/nfs/nfs_mntent.c 2011-06-07 12:08:56.000000000 +0200 -+++ nfs-utils/support/nfs/nfs_mntent.c 2011-06-07 12:11:32.000000000 +0200 -@@ -143,7 +143,11 @@ +From: NeilBrown +Date: Mon, 23 May 2011 12:19:57 +0000 (-0400) +Subject: Remove risk of nfs_addmntent corrupting mtab +X-Git-Url: http://git.linux-nfs.org/?p=steved%2Fnfs-utils.git;a=commitdiff_plain;h=7a802337bfc92d0b30fe94dbd0fa231990a26161 + +Remove risk of nfs_addmntent corrupting mtab + +nfs_addmntent is used to append directly to /etc/mtab. +If the write partially fail, e.g. due to RLIMIT_FSIZE, +truncate back to original size and return an error. + +See also https://bugzilla.redhat.com/show_bug.cgi?id=697975 +(CVE-2011-1749) CVE-2011-1749 nfs-utils: mount.nfs fails to anticipate RLIMIT_FSIZE + +Signed-off-by: NeilBrown +Signed-off-by: Steve Dickson +--- + +diff --git a/support/nfs/nfs_mntent.c b/support/nfs/nfs_mntent.c +index a5216fc..a2118a2 100644 +--- a/support/nfs/nfs_mntent.c ++++ b/support/nfs/nfs_mntent.c +@@ -12,6 +12,7 @@ + #include /* for index */ + #include /* for isdigit */ + #include /* for umask */ ++#include /* for ftruncate */ + + #include "nfs_mntent.h" + #include "nls.h" +@@ -127,9 +128,11 @@ int + nfs_addmntent (mntFILE *mfp, struct mntent *mnt) { + char *m1, *m2, *m3, *m4; + int res; ++ off_t length; + + if (fseek (mfp->mntent_fp, 0, SEEK_END)) + return 1; /* failure */ ++ length = ftell(mfp->mntent_fp); + + m1 = mangle(mnt->mnt_fsname); + m2 = mangle(mnt->mnt_dir); +@@ -143,6 +146,12 @@ nfs_addmntent (mntFILE *mfp, struct mntent *mnt) { free(m2); free(m3); free(m4); -- return (res < 0) ? 1 : 0; -+ if (res < 0) -+ return 1; -+ else { -+ return (fflush(mfp->mntent_fp) == 0) ? 0 : 1; ++ if (res >= 0) { ++ res = fflush(mfp->mntent_fp); ++ if (res < 0) ++ /* Avoid leaving a corrupt mtab file */ ++ ftruncate(fileno(mfp->mntent_fp), length); + } + return (res < 0) ? 1 : 0; } - /* Read the next entry from the file fp. Stop reading at an incorrect entry. */ -- 2.39.5