| Summary: | fopen doesn't honor last byte of valid modes | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Eric Blake <eblake> |
| Component: | glibc | Assignee: | Andreas Schwab <schwab> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 14 | CC: | fweimer, jakub, schwab |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | glibc-2.14-2 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-06-07 04:25:39 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Correction - 'r' and 'x' don't generally make sense together; a better example (slightly) more likely to appear in a mode argument would be "wb+cmxe" or "wb+cmex". And since 'c', 'm', and 'e' are glibc extensions, and 'x' is not valid until C1x, and 'b' is documented as a no-op on glibc, one could argue that anyone wanting to use all of 'c', 'm', 'e', '+', and 'x' has no business also using 'b', thus avoiding the off-by-one problem. glibc-2.13.90-10 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/glibc-2.13.90-10 Package glibc-2.13.90-10: * should fix your issue, * was pushed to the Fedora 15 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing glibc-2.13.90-10' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/glibc-2.13.90-10 then log in and leave karma (feedback). Package glibc-2.13.90-11: * should fix your issue, * was pushed to the Fedora 15 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing glibc-2.13.90-11' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/glibc-2.13.90-11 then log in and leave karma (feedback). Package glibc-2.13.90-12: * should fix your issue, * was pushed to the Fedora 15 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing glibc-2.13.90-12' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/glibc-2.13.90-12 then log in and leave karma (feedback). Package glibc-2.13.90-13: * should fix your issue, * was pushed to the Fedora 15 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing glibc-2.13.90-13' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/glibc-2.13.90-13 then log in and leave karma (feedback). Package glibc-2.13.90-14: * should fix your issue, * was pushed to the Fedora 15 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing glibc-2.13.90-14' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/glibc-2.13.90-14 then log in and leave karma (feedback). Package glibc-2.14-1: * should fix your issue, * was pushed to the Fedora 15 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing glibc-2.14-1' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/glibc-2.14-1 then log in and leave karma (feedback). Package glibc-2.14-2: * should fix your issue, * was pushed to the Fedora 15 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing glibc-2.14-2' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/glibc-2.14-2 then log in and leave karma (feedback). glibc-2.14-2 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report. |
Description of problem: An off-by-one bug in glibc means that valid file modes to fopen() are not always honored. In particular, this could be considered a security hole if someone used fopen(file,"rb+cmxe") to prevent leaking an fd into child processes, or fopen(file,"rb+cmex") to avoid overwriting existing files. Version-Release number of selected component (if applicable): glibc-2.12-1.25.el6.x86_64 How reproducible: 100% Steps to Reproduce: 1. $ cat foo.c #include <stdio.h> #include <fcntl.h> #include <stdlib.h> int main (void) { FILE *f = fopen ("/dev/null", "rb+cmxe"); if (!f) exit (1); int fd = fileno (f); if (fd < 0) exit (2); int mode = fcntl (fd, F_GETFD); if (mode < 0) exit (3); return !(mode & FD_CLOEXEC); } $ ./foo; echo $? Actual results: 1 Expected results: 0 Additional info: http://sourceware.org/bugzilla/show_bug.cgi?id=12685