attr/0003-attr_list-attr_listf-Guard-against-unterminated-buff.patch

From 03d0e1ef54dc21e60ead4ec3161c217f3d53a5a7 Mon Sep 17 00:00:00 2001
From: Andreas Gruenbacher <agruenba@redhat.com>
Date: Mon, 17 Dec 2018 14:38:26 +0100
Subject: [PATCH 3/7] attr_list, attr_listf: Guard against unterminated buffer

attr_list and attr_listf can crash when the listxattr, llistxattr, or
flistxattr syscalls incorrectly return an unterminated buffer.  Guard
against that by always appending a null character.
---
 libattr/libattr.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/libattr/libattr.c b/libattr/libattr.c
index 8180c3f..d550e10 100644
--- a/libattr/libattr.c
+++ b/libattr/libattr.c
@@ -290,7 +290,7 @@ attr_list(const char *path, char *buffer, const int buffersize, int flags,
 {
 	const char *l;
 	int length, vlength, count = 0;
-	char lbuf[MAXLISTLEN];
+	char lbuf[MAXLISTLEN+1];
 	char name[MAXNAMELEN+16];
 	int start_offset, end_offset;
 
@@ -301,11 +301,12 @@ attr_list(const char *path, char *buffer, const int buffersize, int flags,
 	bzero(buffer, sizeof(attrlist_t));
 
 	if (flags & ATTR_DONTFOLLOW)
-		length = llistxattr(path, lbuf, sizeof(lbuf));
+		length = llistxattr(path, lbuf, sizeof(lbuf) - 1);
 	else
-		length = listxattr(path, lbuf, sizeof(lbuf));
+		length = listxattr(path, lbuf, sizeof(lbuf) - 1);
 	if (length <= 0)
 		return length;
+	lbuf[length] = 0;  /* not supposed to be necessary */
 
 	start_offset = sizeof(attrlist_t);
 	end_offset = buffersize & ~(8-1);	/* 8 byte align */
@@ -340,7 +341,7 @@ attr_listf(int fd, char *buffer, const int buffersize, int flags,
 {
 	const char *l;
 	int length, vlength, count = 0;
-	char lbuf[MAXLISTLEN];
+	char lbuf[MAXLISTLEN+1];
 	char name[MAXNAMELEN+16];
 	int start_offset, end_offset;
 
@@ -350,9 +351,10 @@ attr_listf(int fd, char *buffer, const int buffersize, int flags,
 	}
 	bzero(buffer, sizeof(attrlist_t));
 
-	length = flistxattr(fd, lbuf, sizeof(lbuf));
+	length = flistxattr(fd, lbuf, sizeof(lbuf) - 1);
 	if (length < 0)
 		return length;
+	lbuf[length] = 0;  /* not supposed to be necessary */
 
 	start_offset = sizeof(attrlist_t);
 	end_offset = buffersize & ~(8-1);	/* 8 byte align */
-- 
1.8.3.1
attr: backport upsteam bugfix patches attr: backport upsteam bugfix patches Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com> 2020-07-12 18:27:19 +08:00			`From 03d0e1ef54dc21e60ead4ec3161c217f3d53a5a7 Mon Sep 17 00:00:00 2001`
			`From: Andreas Gruenbacher <agruenba@redhat.com>`
			`Date: Mon, 17 Dec 2018 14:38:26 +0100`
			`Subject: [PATCH 3/7] attr_list, attr_listf: Guard against unterminated buffer`

			`attr_list and attr_listf can crash when the listxattr, llistxattr, or`
			`flistxattr syscalls incorrectly return an unterminated buffer. Guard`
			`against that by always appending a null character.`
			`---`
			`libattr/libattr.c \| 12 +++++++-----`
			`1 file changed, 7 insertions(+), 5 deletions(-)`

			`diff --git a/libattr/libattr.c b/libattr/libattr.c`
			`index 8180c3f..d550e10 100644`
			`--- a/libattr/libattr.c`
			`+++ b/libattr/libattr.c`
			`@@ -290,7 +290,7 @@ attr_list(const char path, char buffer, const int buffersize, int flags,`
			`{`
			`const char *l;`
			`int length, vlength, count = 0;`
			`- char lbuf[MAXLISTLEN];`
			`+ char lbuf[MAXLISTLEN+1];`
			`char name[MAXNAMELEN+16];`
			`int start_offset, end_offset;`

			`@@ -301,11 +301,12 @@ attr_list(const char path, char buffer, const int buffersize, int flags,`
			`bzero(buffer, sizeof(attrlist_t));`

			`if (flags & ATTR_DONTFOLLOW)`
			`- length = llistxattr(path, lbuf, sizeof(lbuf));`
			`+ length = llistxattr(path, lbuf, sizeof(lbuf) - 1);`
			`else`
			`- length = listxattr(path, lbuf, sizeof(lbuf));`
			`+ length = listxattr(path, lbuf, sizeof(lbuf) - 1);`
			`if (length <= 0)`
			`return length;`
			`+ lbuf[length] = 0; /* not supposed to be necessary */`

			`start_offset = sizeof(attrlist_t);`
			`end_offset = buffersize & ~(8-1); /* 8 byte align */`
			`@@ -340,7 +341,7 @@ attr_listf(int fd, char *buffer, const int buffersize, int flags,`
			`{`
			`const char *l;`
			`int length, vlength, count = 0;`
			`- char lbuf[MAXLISTLEN];`
			`+ char lbuf[MAXLISTLEN+1];`
			`char name[MAXNAMELEN+16];`
			`int start_offset, end_offset;`

			`@@ -350,9 +351,10 @@ attr_listf(int fd, char *buffer, const int buffersize, int flags,`
			`}`
			`bzero(buffer, sizeof(attrlist_t));`

			`- length = flistxattr(fd, lbuf, sizeof(lbuf));`
			`+ length = flistxattr(fd, lbuf, sizeof(lbuf) - 1);`
			`if (length < 0)`
			`return length;`
			`+ lbuf[length] = 0; /* not supposed to be necessary */`

			`start_offset = sizeof(attrlist_t);`
			`end_offset = buffersize & ~(8-1); /* 8 byte align */`
			`--`
			`1.8.3.1`