guix-devel/gnu/packages/patches/fuse-CVE-2015-3202.patch

The following patch was copied from Debian.

Description: Fix CVE-2015-3202
 Missing scrubbing of the environment before executing a mount or umount
 of a filesystem.
Origin: upstream
Author: Miklos Szeredi <miklos@szeredi.hu>
Last-Update: 2015-05-19

---
 lib/mount_util.c |   23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

--- a/lib/mount_util.c
+++ b/lib/mount_util.c
@@ -95,10 +95,12 @@ static int add_mount(const char *prognam
 		goto out_restore;
 	}
 	if (res == 0) {
+		char *env = NULL;
+
 		sigprocmask(SIG_SETMASK, &oldmask, NULL);
 		setuid(geteuid());
-		execl("/bin/mount", "/bin/mount", "--no-canonicalize", "-i",
-		      "-f", "-t", type, "-o", opts, fsname, mnt, NULL);
+		execle("/bin/mount", "/bin/mount", "--no-canonicalize", "-i",
+		       "-f", "-t", type, "-o", opts, fsname, mnt, NULL, &env);
 		fprintf(stderr, "%s: failed to execute /bin/mount: %s\n",
 			progname, strerror(errno));
 		exit(1);
@@ -146,10 +148,17 @@ static int exec_umount(const char *progn
 		goto out_restore;
 	}
 	if (res == 0) {
+		char *env = NULL;
+
 		sigprocmask(SIG_SETMASK, &oldmask, NULL);
 		setuid(geteuid());
-		execl("/bin/umount", "/bin/umount", "-i", rel_mnt,
-		      lazy ? "-l" : NULL, NULL);
+		if (lazy) {
+			execle("/bin/umount", "/bin/umount", "-i", rel_mnt,
+			       "-l", NULL, &env);
+		} else {
+			execle("/bin/umount", "/bin/umount", "-i", rel_mnt,
+			       NULL, &env);
+		}
 		fprintf(stderr, "%s: failed to execute /bin/umount: %s\n",
 			progname, strerror(errno));
 		exit(1);
@@ -205,10 +214,12 @@ static int remove_mount(const char *prog
 		goto out_restore;
 	}
 	if (res == 0) {
+		char *env = NULL;
+
 		sigprocmask(SIG_SETMASK, &oldmask, NULL);
 		setuid(geteuid());
-		execl("/bin/umount", "/bin/umount", "--no-canonicalize", "-i",
-		      "--fake", mnt, NULL);
+		execle("/bin/umount", "/bin/umount", "--no-canonicalize", "-i",
+		       "--fake", mnt, NULL, &env);
 		fprintf(stderr, "%s: failed to execute /bin/umount: %s\n",
 			progname, strerror(errno));
 		exit(1);
gnu: fuse: Add fix for CVE-2015-3202. * gnu/packages/patches/fuse-CVE-2015-3202.patch: New file. * gnu-system.am (dist_patch_DATA): Add it. * gnu/packages/linux.scm (fuse): Add patch. 2015-05-22 06:09:26 +02:00			`The following patch was copied from Debian.`

			`Description: Fix CVE-2015-3202`
			`Missing scrubbing of the environment before executing a mount or umount`
			`of a filesystem.`
			`Origin: upstream`
			`Author: Miklos Szeredi <miklos@szeredi.hu>`
			`Last-Update: 2015-05-19`

			`---`
			`lib/mount_util.c \| 23 +++++++++++++++++------`
			`1 file changed, 17 insertions(+), 6 deletions(-)`

			`--- a/lib/mount_util.c`
			`+++ b/lib/mount_util.c`
			`@@ -95,10 +95,12 @@ static int add_mount(const char *prognam`
			`goto out_restore;`
			`}`
			`if (res == 0) {`
			`+ char *env = NULL;`
			`+`
			`sigprocmask(SIG_SETMASK, &oldmask, NULL);`
			`setuid(geteuid());`
			`- execl("/bin/mount", "/bin/mount", "--no-canonicalize", "-i",`
			`- "-f", "-t", type, "-o", opts, fsname, mnt, NULL);`
			`+ execle("/bin/mount", "/bin/mount", "--no-canonicalize", "-i",`
			`+ "-f", "-t", type, "-o", opts, fsname, mnt, NULL, &env);`
			`fprintf(stderr, "%s: failed to execute /bin/mount: %s\n",`
			`progname, strerror(errno));`
			`exit(1);`
			`@@ -146,10 +148,17 @@ static int exec_umount(const char *progn`
			`goto out_restore;`
			`}`
			`if (res == 0) {`
			`+ char *env = NULL;`
			`+`
			`sigprocmask(SIG_SETMASK, &oldmask, NULL);`
			`setuid(geteuid());`
			`- execl("/bin/umount", "/bin/umount", "-i", rel_mnt,`
			`- lazy ? "-l" : NULL, NULL);`
			`+ if (lazy) {`
			`+ execle("/bin/umount", "/bin/umount", "-i", rel_mnt,`
			`+ "-l", NULL, &env);`
			`+ } else {`
			`+ execle("/bin/umount", "/bin/umount", "-i", rel_mnt,`
			`+ NULL, &env);`
			`+ }`
			`fprintf(stderr, "%s: failed to execute /bin/umount: %s\n",`
			`progname, strerror(errno));`
			`exit(1);`
			`@@ -205,10 +214,12 @@ static int remove_mount(const char *prog`
			`goto out_restore;`
			`}`
			`if (res == 0) {`
			`+ char *env = NULL;`
			`+`
			`sigprocmask(SIG_SETMASK, &oldmask, NULL);`
			`setuid(geteuid());`
			`- execl("/bin/umount", "/bin/umount", "--no-canonicalize", "-i",`
			`- "--fake", mnt, NULL);`
			`+ execle("/bin/umount", "/bin/umount", "--no-canonicalize", "-i",`
			`+ "--fake", mnt, NULL, &env);`
			`fprintf(stderr, "%s: failed to execute /bin/umount: %s\n",`
			`progname, strerror(errno));`
			`exit(1);`