[Pkg-loop-aes-commits] r1464 - in /trunk/loop-aes-utils: ./ debian/changelog debian/patches/52_check_privdrop_return.dpatch

xam at users.alioth.debian.org xam at users.alioth.debian.org
Fri Oct 19 22:15:17 UTC 2007


Author: xam
Date: Fri Oct 19 22:15:17 2007
New Revision: 1464

URL: http://svn.debian.org/wsvn/pkg-loop-aes/?sc=1&rev=1464
Log:
Check the return value of set{u,g}id in loop-AES code

Added:
    trunk/loop-aes-utils/debian/patches/52_check_privdrop_return.dpatch
Modified:
    trunk/loop-aes-utils/   (props changed)
    trunk/loop-aes-utils/debian/changelog

Propchange: trunk/loop-aes-utils/
------------------------------------------------------------------------------
--- svk:merge (original)
+++ svk:merge Fri Oct 19 22:15:17 2007
@@ -1,4 +1,4 @@
-02a4734a-7125-4a10-a2dd-ccf7f6155d04:/local/pkg-loop-aes/trunk/loop-aes-utils:11445
+02a4734a-7125-4a10-a2dd-ccf7f6155d04:/local/pkg-loop-aes/trunk/loop-aes-utils:11446
 53348a03-e5de-0310-b097-96e6f85ea926:/import/loop-aes-utils/branches/2.12-alternative:120
 53348a03-e5de-0310-b097-96e6f85ea926:/import/loop-aes-utils/branches/2.12-dpatch:196
 53348a03-e5de-0310-b097-96e6f85ea926:/import/loop-aes-utils/trunk/current:338

Modified: trunk/loop-aes-utils/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-loop-aes/trunk/loop-aes-utils/debian/changelog?rev=1464&op=diff
==============================================================================
--- trunk/loop-aes-utils/debian/changelog (original)
+++ trunk/loop-aes-utils/debian/changelog Fri Oct 19 22:15:17 2007
@@ -3,6 +3,7 @@
   * Sync with util-linux 2.13-8
   * SECURITY: mount: doesn't drop privileges properly when 
     calling helpers [CVE-2007-5191]
+  * Check the return value of set{u,g}id in loop-AES code
   * mount: chain of symlinks to fstab causes use of pointer after free
 
  -- Max Vozeler <xam at debian.org>  Fri, 19 Oct 2007 23:14:28 +0200
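
Review bot: The added entry "Check the return value of set{u,g}id in loop-AES code" does not name the file or patch that carries the change, and its position directly under the CVE-2007-5191 item leaves it unclear whether it belongs to that fix or is separate hardening. Suggest naming mount/lomount.c (or 52_check_privdrop_return.dpatch) in the entry and stating its relation to the CVE item explicitly.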

Added: trunk/loop-aes-utils/debian/patches/52_check_privdrop_return.dpatch
URL: http://svn.debian.org/wsvn/pkg-loop-aes/trunk/loop-aes-utils/debian/patches/52_check_privdrop_return.dpatch?rev=1464&op=file
==============================================================================
--- trunk/loop-aes-utils/debian/patches/52_check_privdrop_return.dpatch (added)
+++ trunk/loop-aes-utils/debian/patches/52_check_privdrop_return.dpatch Fri Oct 19 22:15:17 2007
@@ -1,0 +1,35 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 52_check_privdrop_return.dpatch by Max Vozeler <xam at debian.org>
+##
+## DP: Check return value of set{u,g}uid in loop-AES code
+
+ at DPATCH@
+diff --git a/mount/lomount.c b/mount/lomount.c
+--- a/mount/lomount.c
++++ b/mount/lomount.c
+@@ -444,8 +444,10 @@ static char *do_GPG_pipe(char *pass)
+ 		a[x++] = str;
+ 		a[x++] = "--decrypt";
+ 		a[x] = 0;
+-		setgid(getgid());
+-		setuid(getuid());
++		if(setgid(getgid()) < 0)
++			die(EX_FAIL, _("mount: cannot set group id: %s"), strerror(errno));
++		if(setuid(getuid()) < 0)
++			die(EX_FAIL, _("mount: cannot set user id: %s"), strerror(errno));
+ 		for(x = 3; x < 1024; x++) {
+ 			if(x == pfdi[0]) continue;
+ 			close(x);
+@@ -782,8 +784,10 @@ static int loop_fork_mkfs_command(char *
+ 		a[x++] = device;
+ 		a[x] = 0;
+ 		e[0] = 0;
+-		setgid(getgid());
+-		setuid(getuid());
++		if(setgid(getgid()) < 0)
++			die(EX_FAIL, _("mount: cannot set group id: %s"), strerror(errno));
++		if(setuid(getuid()) < 0)
++			die(EX_FAIL, _("mount: cannot set user id: %s"), strerror(errno));
+ 		for(x = 3; x < 1024; x++) {
+ 			close(x);
+ 		}
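
Review bot: In both inner hunks (do_GPG_pipe and loop_fork_mkfs_command) the `< 0` test only confirms that setgid() and setuid() reported success; consider also verifying after the setuid() call that the drop took effect, for example that geteuid() == getuid() and getegid() == getgid(), before the fd-closing loop runs. The setgid-before-setuid order is right and should be kept. The same four lines are added at two sites, so a small static helper in lomount.c would keep them from drifting apart. The new messages call strerror(errno) and the diff adds no #include, so please confirm lomount.c already includes <errno.h> and <string.h>. Minor: the DP: line says "set{u,g}uid" where the commit log and changelog say "set{u,g}id".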



