Bug 684037 - improperly used readlink() in util-linux-ng-2.17-lsblk.patch
Summary: improperly used readlink() in util-linux-ng-2.17-lsblk.patch
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: util-linux-ng
Version: 6.1
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: rc
: ---
Assignee: Karel Zak
QA Contact: Petr Sklenar
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-03-10 22:59 UTC by Kamil Dudka
Modified: 2011-05-19 14:06 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-05-19 14:06:57 UTC
Target Upstream Version:

Attachments (Terms of Use)
a reproducer (309 bytes, text/plain)
2011-04-19 11:49 UTC, Kamil Dudka 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:0699 0 normal SHIPPED_LIVE util-linux-ng bug fix and enhancement update 2011-05-18 18:10:13 UTC

Description Kamil Dudka 2011-03-10 22:59:22 UTC 
Description of problem:
- off-by-one error in the bufsize parameter given to readlink()
- broken error handling (len < 0 comparison of unsigned variable by is useless)


Version-Release number of selected component (if applicable):
util-linux-ng-2.17.2-9.el6
Comment 4 Karel Zak 2011-03-11 09:37:01 UTC 
The latest RHEL61 built is util-linux-ng-2.17.2-11.el6, the package was already reviewed and the bugs fixed....

See https://bugzilla.redhat.com/show_bug.cgi?id=678378

*** This bug has been marked as a duplicate of bug 678378 ***
Comment 5 Karel Zak 2011-03-11 09:46:02 UTC 
Ah... the problem with size_t vs. ssize_t should be probably fixed.
Comment 7 Kamil Dudka 2011-04-19 11:49:16 UTC 
Created attachment 493166 [details]
a reproducer
Comment 8 Kamil Dudka 2011-04-19 11:51:36 UTC 
$ curl -o bz684037.c 'https://bugzilla.redhat.com/attachment.cgi?id=493166'
$ sh bz684037.c
...
bz684037.c: line 4: 31309 Segmentation fault      LD_PRELOAD=./readlink.so valgrind namei lnk

With the fixed version, it gives me:
namei: failed to read symlink: lnk: Success
Comment 9 Kamil Dudka 2011-04-19 11:55:09 UTC 
(In reply to comment #8)
> With the fixed version, it gives me:
> namei: failed to read symlink: lnk: Success

Oops, forgot to set a meaningful errno...

--- a/bz684037.c
+++ b/bz684037.c
@@ -5,6 +5,7 @@
 exit $?
 #endif
 #include <unistd.h>
+#include <errno.h>

 ssize_t readlink(const char *path, char *buf, size_t bufsize)
 {
@@ -12,5 +13,6 @@
     (void) buf;
     (void) bufsize;

+    errno = EPERM;
     return -1;
 }

With the patch above, it says:

namei: failed to read symlink: lnk: Operation not permitted
Comment 11 errata-xmlrpc 2011-05-19 14:06:57 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0699.html
Note You need to log in before you can comment on or make changes to this bug.