56 lines
1.7 KiB
Diff
56 lines
1.7 KiB
Diff
From 453a5451f20f22cb466b5be58f7d771ca5fa6d25 Mon Sep 17 00:00:00 2001
|
|
From: gulining <gulining1@huawei.com>
|
|
Date: Fri, 22 Mar 2019 02:23:47 -0400
|
|
Subject: [PATCH] backport-CVE-2018-10906.patch
|
|
|
|
Signed-off-by: gulining <gulining1@huawei.com>
|
|
---
|
|
libfuse-fuse-2.9.7/util/fusermount.c | 13 +++++++++++--
|
|
1 file changed, 11 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/libfuse-fuse-2.9.7/util/fusermount.c b/libfuse-fuse-2.9.7/util/fusermount.c
|
|
index d950c5c..e14e7dd 100644
|
|
--- a/libfuse-fuse-2.9.7/util/fusermount.c
|
|
+++ b/libfuse-fuse-2.9.7/util/fusermount.c
|
|
@@ -29,6 +29,7 @@
|
|
#include <sys/socket.h>
|
|
#include <sys/utsname.h>
|
|
#include <sched.h>
|
|
+#include <stdbool.h>
|
|
|
|
#define FUSE_COMMFD_ENV "_FUSE_COMMFD"
|
|
|
|
@@ -740,8 +741,10 @@ static int do_mount(const char *mnt, char **typep, mode_t rootmode,
|
|
unsigned len;
|
|
const char *fsname_str = "fsname=";
|
|
const char *subtype_str = "subtype=";
|
|
+ bool escape_ok = begins_with(s, fsname_str) ||
|
|
+ begins_with(s, subtype_str);
|
|
for (len = 0; s[len]; len++) {
|
|
- if (s[len] == '\\' && s[len + 1])
|
|
+ if (escape_ok && s[len] == '\\' && s[len + 1])
|
|
len++;
|
|
else if (s[len] == ',')
|
|
break;
|
|
@@ -795,10 +798,16 @@ static int do_mount(const char *mnt, char **typep, mode_t rootmode,
|
|
flags |= flag;
|
|
else
|
|
flags &= ~flag;
|
|
- } else {
|
|
+ } else if (opt_eq(s, len, "default_permissions") ||
|
|
+ opt_eq(s, len, "allow_other") ||
|
|
+ begins_with(s, "max_read=") ||
|
|
+ begins_with(s, "blksize=")) {
|
|
memcpy(d, s, len);
|
|
d += len;
|
|
*d++ = ',';
|
|
+ } else {
|
|
+ fprintf(stderr, "%s: unknown option '%.*s'\n", progname, len, s);
|
|
+ exit(1);
|
|
}
|
|
}
|
|
}
|
|
--
|
|
1.8.3.1
|
|
|