Tree - rpms/udisks2 - CentOS Git server

neil / rpms / udisks2

Forked from rpms/udisks2 a year ago

Source
Stats

Blame SOURCES/0001-Fix-string-format-vulnerability.patch

Blob History Raw

		95421e	`From 76a6754bf0d97628f54081e3d83bdc3c690af0fd Mon Sep 17 00:00:00 2001`
		95421e	`From: =?UTF-8?q?Kai=20L=C3=BCke?= <kailueke@riseup.net>`
		95421e	`Date: Tue, 18 Sep 2018 13:12:14 +0200`
		95421e	`Subject: [PATCH] Fix string format vulnerability`
		95421e
		95421e	`If the message in g_log_structured itself`
		95421e	`contained format sequences like %d or %n they`
		95421e	`were applied again, leading to leaked stack contents`
		95421e	`and possibly memory corruption. It can be triggered`
		95421e	`e.g. by a volume label containing format sequences.`
		95421e
		95421e	`Print the message argument itself into a "%s" string`
		95421e	`to avoid intepreting format sequences.`
		95421e
		95421e	`https://github.com/storaged-project/udisks/issues/578`
		95421e	`---`
		95421e	`src/udiskslogging.c \| 2 +-`
		95421e	`1 file changed, 1 insertion(+), 1 deletion(-)`
		95421e
		95421e	`diff --git a/src/udiskslogging.c b/src/udiskslogging.c`
		95421e	`index ab49fcbf..47a3af23 100644`
		95421e	`--- a/src/udiskslogging.c`
		95421e	`+++ b/src/udiskslogging.c`
		95421e	`@@ -60,7 +60,7 @@ udisks_log (UDisksLogLevel level,`
		95421e
		95421e	`#if GLIB_CHECK_VERSION(2, 50, 0)`
		95421e	`g_log_structured ("udisks", (GLogLevelFlags) level,`
		95421e	`- "MESSAGE", message, "THREAD_ID", "%d", (gint) syscall (SYS_gettid),`
		95421e	`+ "MESSAGE", "%s", message, "THREAD_ID", "%d", (gint) syscall (SYS_gettid),`
		95421e	`"CODE_FUNC", function, "CODE_FILE", location);`
		95421e	`#else`
		95421e	`g_log ("udisks", level, "[%d]: %s [%s, %s()]", (gint) syscall (SYS_gettid), message, location, function);`
		95421e	`--`
		95421e	`2.17.1`
		95421e

neil / rpms / udisks2

Source Code

Blame SOURCES/0001-Fix-string-format-vulnerability.patch