Package: bindfs
Version: 1.10.3-1.1
Severity: grave
Tags: upstream patch
Justification: renders package unusable

Hi,

please see attached patch. Upstream implemented a different fix in 1.10.4 and later. I don't think this renders the package unusable for every user or in every case, but it seems to me that this scenario is probably very common and I'm surprised no one else has noticed.

Thanks,

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages bindfs depends on:
ii  fuse      2.9.0-5
ii  libc6     2.13-34
ii  libfuse2  2.9.0-5

bindfs recommends no packages.

bindfs suggests no packages.

-- no debconf information

FUSE passes something like "/src" in path. When we call pathconf, if the path passed as argument doesn't exist, it returns -1 because it can't determine the relevant filesystem. We end up allocating only enough space to store the dirent struct up to the d_name field and no more, but when we call readdir further down, it wants to write to d_name. With the current libc6 package (2.13-34) this causes an invalid memory access error and bindfs aborts.

How to reproduce:

tar xvzf bindfs_1.10.3.orig.tar.gz
cd bindfs-1.10.3
./configure
make
cd ..
mkdir bindfs-1.10.3.new
./bindfs-1.10.3/src/bindfs -n -d bindfs-1.10.3 bindfs-1.10.3.new
cd bindfs-1.10.3.new
make

diff -ruN bindfs-1.10.3.orig/src/bindfs.c bindfs-1.10.3/src/bindfs.c --- bindfs-1.10.3.orig/src/bindfs.c 2012-05-18 07:45:33.000000000 -0600 +++ bindfs-1.10.3/src/bindfs.c 2012-07-14 20:34:16.121237773 -0600 @@ -399,7 +399,7 @@ struct dirent *de; struct stat st; int result = 0; - (void) path; + path = process_path(path); de_buf = malloc(offsetof(struct dirent, d_name) + pathconf(path, _PC_NAME_MAX) + 1);
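
Review bot: the malloc size on the last line of this hunk still uses the return value of pathconf(path, _PC_NAME_MAX) unchecked, so any remaining -1 return (an error other than the missing path, or a filesystem with no defined limit) again produces a buffer of only offsetof(struct dirent, d_name) bytes, and the readdir call described in the report would write past it. Store the result in a long, and if it is negative fall back to a fixed bound such as NAME_MAX before computing the size. Separately, path is now reassigned from process_path(path); whether that result has to be released is not visible in these lines, so please confirm ownership on every return path of the function.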
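
An added example, not part of the report, the attached patch or bindfs itself: one way to size the dirent buffer so that a -1 from pathconf cannot shrink it, set beside the unchecked expression the report describes. The helper names and the sample path are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <stdlib.h>
#include <unistd.h>

#ifndef NAME_MAX
#define NAME_MAX 255   /* assumed fallback when <limits.h> defines none */
#endif

/* Hypothetical helper: bytes needed for a struct dirent able to hold
 * the longest file name allowed under `path`. */
size_t dirent_buf_size(const char *path)
{
    long name_max;

    errno = 0;
    name_max = pathconf(path, _PC_NAME_MAX);
    /* -1 means either an error (errno set, e.g. ENOENT for a missing
     * path) or "no limit" (errno untouched). Neither is a length, so
     * fall back to NAME_MAX; also never go below it. */
    if (name_max < NAME_MAX)
        name_max = NAME_MAX;

    size_t need = offsetof(struct dirent, d_name) + (size_t)name_max + 1;
    /* Never return less than the struct the C library declares. */
    return need < sizeof(struct dirent) ? sizeof(struct dirent) : need;
}

/* The unchecked expression from the report, for comparison: with a
 * -1 return the "+ 1" cancels it and no room is left for d_name. */
size_t unchecked_size(const char *path)
{
    return offsetof(struct dirent, d_name) + pathconf(path, _PC_NAME_MAX) + 1;
}

int main(void)
{
    /* Constructed sample path that is expected not to exist. */
    const char *missing = "/constructed/path/that/does/not/exist";
    struct dirent *buf = malloc(dirent_buf_size(missing));
    if (buf == NULL)
        return 1;
    free(buf);
    return 0;
}
```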