From 9864b4ec2ed817286cdac03a73189227b6a35991 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Fri, 22 Sep 2017 14:21:03 +0100 Subject: [PATCH] Fix undefined behaviour with O_RDONLY|O_CREAT in rofiles-fuse --- debian/changelog | 2 + ...les-fuse-also-pass-mode-for-O_RDONLY.patch | 70 +++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 73 insertions(+) create mode 100644 debian/patches/2017.12/rofiles-fuse-also-pass-mode-for-O_RDONLY.patch diff --git a/debian/changelog b/debian/changelog index 4f80a9dd..3137657b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -5,6 +5,8 @@ ostree (2017.11-2) UNRELEASED; urgency=medium * Add a patch to fix FTBFS in non-English locales * Add a patch to fix FTBFS if building as root with umask != 022, which for some reason debomatic does (Closes: #876138) + * Add a patch from upstream to fix undefined behaviour with + O_RDONLY|O_CREAT in rofiles-fuse -- Simon McVittie Tue, 19 Sep 2017 10:37:12 +0100 diff --git a/debian/patches/2017.12/rofiles-fuse-also-pass-mode-for-O_RDONLY.patch b/debian/patches/2017.12/rofiles-fuse-also-pass-mode-for-O_RDONLY.patch new file mode 100644 index 00000000..e12dd2b9 --- /dev/null +++ b/debian/patches/2017.12/rofiles-fuse-also-pass-mode-for-O_RDONLY.patch @@ -0,0 +1,70 @@ +From: Jonathan Lebon +Date: Wed, 20 Sep 2017 18:38:16 +0000 +Subject: rofiles-fuse: also pass mode for O_RDONLY + +In the `O_RDONLY` case, we were calling `openat` without a mode +argument. However, it's perfectly legal (albeit unusual) to do +`open(O_RDONLY|O_CREAT)`. One such application that makes use of this is +`flock(1)`. + +This was actually caught by `_FORTIFY_SOURCE=2`, and once we run +`rofiles-fuse` with `-f`, the message is clear: + +``` +*** invalid openat64 call: O_CREAT or O_TMPFILE without mode ***: +rofiles-fuse terminated +======= Backtrace: ========= +/lib64/libc.so.6(+0x7c8dc)[0x7f36d9f188dc] +/lib64/libc.so.6(__fortify_fail+0x37)[0x7f36d9fbfaa7] +/lib64/libc.so.6(+0x10019a)[0x7f36d9f9c19a] +rofiles-fuse[0x401768] +... +``` + +Without `_FORTIFY_SOURCE`, the file gets created, but its mode is +completely random. + +I ran into this while investigating +https://github.com/projectatomic/rpm-ostree/pull/1003. + +Closes: #1200 +Approved by: cgwalters +Origin: upstream, 2017.12, commit:d4c7093e370843c57eab2f89f0c39ef449e6b32e +--- + src/rofiles-fuse/main.c | 2 +- + tests/test-rofiles-fuse.sh | 5 ++++- + 2 files changed, 5 insertions(+), 2 deletions(-) + +diff --git a/src/rofiles-fuse/main.c b/src/rofiles-fuse/main.c +index 6deaa6d..f2b1b65 100644 +--- a/src/rofiles-fuse/main.c ++++ b/src/rofiles-fuse/main.c +@@ -313,7 +313,7 @@ do_open (const char *path, mode_t mode, struct fuse_file_info *finfo) + if ((finfo->flags & O_ACCMODE) == O_RDONLY) + { + /* Read */ +- fd = openat (basefd, path, finfo->flags); ++ fd = openat (basefd, path, finfo->flags, mode); + if (fd == -1) + return -errno; + } +diff --git a/tests/test-rofiles-fuse.sh b/tests/test-rofiles-fuse.sh +index d329d76..6222929 100755 +--- a/tests/test-rofiles-fuse.sh ++++ b/tests/test-rofiles-fuse.sh +@@ -26,7 +26,7 @@ skip_without_user_xattrs + + setup_test_repository "bare" + +-echo "1..7" ++echo "1..8" + + cd ${test_tmpdir} + mkdir mnt +@@ -114,3 +114,6 @@ fi + assert_file_has_content err.txt "Unable to do hardlink checkout across devices" + + echo "ok checkout copy fallback" ++ ++# check that O_RDONLY|O_CREAT is handled correctly; used by flock(1) at least ++flock mnt/nonexistent-file echo "ok create file in ro mode" diff --git a/debian/patches/series b/debian/patches/series index d89120cd..109f6e8e 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,3 +1,4 @@ 2017.12/tests-Fix-JavaScript-tests-with-gjs-1.50.0.patch 2017.12/tests-Explicitly-unset-LANGUAGE-after-setting-LC_ALL.patch 2017.12/tests-Reset-umask-to-022-while-creating-test-repository.patch +2017.12/rofiles-fuse-also-pass-mode-for-O_RDONLY.patch