!27 [sync] PR-22: 【Mainline】acl_copy_entry prevent accidental NULL pointer dereferences

From: @openeuler-sync-bot Reviewed-by: @dillon_chen Signed-off-by: @dillon_chen
2024-07-10 08:19:27 +00:00 · 2024-07-10 08:19:27 +00:00 · f21ee49bf1
commit f21ee49bf1
parent 3d8d815874 cc6f194e5b
2 changed files with 40 additions and 1 deletions
--- a/acl.spec
+++ b/acl.spec
@ -1,6 +1,6 @@
 Name:          acl
 Version:       2.3.1
-Release:       2
+Release:       3
 Summary:       Commands for manipulating POSIX access control lists

 License:       GPLv2+
@ -10,6 +10,8 @@ Source1:       http://download.savannah.nongnu.org/releases/acl/%{name}-%{versio
 #From https://savannah.nongnu.org/people/viewgpg.php?user_id=15000
 Source2:       agruen-key.gpg

+Patch1:    backport-acl_copy_entry-Prevent-accidental-NULL-pointer-deref.patch
+
 BuildRequires: libattr-devel gawk libtool gettext
 BuildRequires: chrpath

@ -96,6 +98,9 @@ fi
 %{_mandir}/man5/*

 %changelog
+* Wed Jul 10 2024 yixiangzhike <yixiangzhike007@163.com> - 2.3.1-3
+- Backport upstream patch to avoid NULL dereferences
+
 * Tue Sep 20 2022 yixiangzhike <yixiangzhike007@163.com> - 2.3.1-2
 - Remove rpath and runpath of exec files

--- a/backport-acl_copy_entry-Prevent-accidental-NULL-pointer-deref.patch
+++ b/backport-acl_copy_entry-Prevent-accidental-NULL-pointer-deref.patch
@ -0,0 +1,34 @@
+From 4b7672d6fbfb9ef8a0b81f285b74aa299185aa83 Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruenba@redhat.com>
+Date: Mon, 24 Jun 2024 12:41:04 +0200
+Subject: [PATCH] acl_copy_entry: Prevent accidental NULL pointer dereference
+
+In acl_copy_entry(), when dest_d turns out to be invalid, dest_p will be
+NULL.  Instead of checking for that, we are accidentally checking if
+dest_d is NULL.  As a result, when called with an invalid dest_d object,
+acl_copy_entry() will cause a NULL pointer dereference instead of
+indicating an error.  This is a relatively minor problem, but worth
+fixing nonetheless.
+
+Reported-by: His Shadow <shadowpilot34@gmail.com>
+Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
+---
+ libacl/acl_copy_entry.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libacl/acl_copy_entry.c b/libacl/acl_copy_entry.c
+index f9c90c7..e92580c 100644
+--- a/libacl/acl_copy_entry.c
+++ b/libacl/acl_copy_entry.c
+@@ -28,7 +28,7 @@ acl_copy_entry(acl_entry_t dest_d, acl_entry_t src_d)
+ {
+ 	acl_entry_obj *dest_p = ext2int(acl_entry, dest_d),
+ 	               *src_p = ext2int(acl_entry,  src_d);
+-	if (!dest_d || !src_p)
+	if (!dest_p || !src_p)
+ 		return -1;
+ 
+ 	dest_p->etag  = src_p->etag;
+-- 
+2.33.0
+