Bug#1050121: bullseye-pu: package cryptmount/5.3.3-1+deb11u1
Package: release.debian.org
Version: 5.3.3-1
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: rwpenney@users.sourceforge.net
Control: affects -1 + src:cryptmount
[ Reason ]
When cryptmount is passed invalid command-line arguments, it is likely
to crash with a SEGV error due to inappropriately zeroed memory passed
to getopt_long().
[ Impact ]
The absence of error-messages when invalid command-line arguments are supplied
affects usability. The use of uninitialized memory with a setuid binary is,
potentially, a security risk.
[ Tests ]
The fix involves a single-line change to replace a call to malloc()
with one to calloc(). This has been tested manually on invalid command-line
arguments, and the upstream "mudslinger" test-suite has been used for
regression tests across a wide range of usage scenarios.
[ Risks ]
The proposed change has very little risk of side-effects.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in bullseye
[x] the issue is verified as fixed in unstable
[ Changes ]
A call to malloc() prior to using getopt_long() has been replaced by
a similar call to calloc().
diff -Nru cryptmount-5.3.3/debian/changelog cryptmount-5.3.3/debian/changelog
--- cryptmount-5.3.3/debian/changelog 2021-01-01 14:34:20.000000000 +0000
+++ cryptmount-5.3.3/debian/changelog 2023-07-20 11:30:00.000000000 +0100
@@ -1,3 +1,12 @@
+cryptmount (5.3.3-1+deb11u1) bullseye; urgency=low
+
+ * Fix for memory-initialization in command-line parser (bug#1038384)
+ - one-line change to source-code, replacing malloc() with calloc()
+ - reduces risk of SEGV crashes when handling unrecognized
+ command-line options
+
+ -- RW Penney <rwpenney@users.sourceforge.net> Sun, 20 Jul 2023 10:30:00 +0000
+
cryptmount (5.3.3-1) unstable; urgency=low
* New upstream release
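Review bot: the trailer of the new changelog entry gives the date as "Sun, 20 Jul 2023", but 20 July 2023 was a Thursday, so the weekday and the date disagree. Correct the weekday (or regenerate the trailer) before upload so the timestamp is well-formed.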
diff -Nru cryptmount-5.3.3/debian/patches/docfiles-pathnames.patch cryptmount-5.3.3/debian/patches/docfiles-pathnames.patch
--- cryptmount-5.3.3/debian/patches/docfiles-pathnames.patch 2021-01-01 15:19:51.000000000 +0000
+++ cryptmount-5.3.3/debian/patches/docfiles-pathnames.patch 2023-07-20 11:30:00.000000000 +0100
@@ -1,4 +1,7 @@
-Correct installation pathnames in documentation
+Description: Correct installation pathnames in documentation
+ Some documentation files not installed except in Debian packaging
+Author: RW Penney <rwpenney@users.sourceforge.net>
+Forwarded: not-needed
--- a/README
+++ b/README
@@ -64,7 +64,7 @@
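Review bot: the new Description/Author/Forwarded header in docfiles-pathnames.patch is unrelated to the getopt_long() fix and is not mentioned in the new debian/changelog entry, although the checklist states that all changes are documented there. Either drop this header change from the stable update or add a changelog line for it.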
diff -Nru cryptmount-5.3.3/debian/patches/getopt-initialization.patch cryptmount-5.3.3/debian/patches/getopt-initialization.patch
--- cryptmount-5.3.3/debian/patches/getopt-initialization.patch 1970-01-01 01:00:00.000000000 +0100
+++ cryptmount-5.3.3/debian/patches/getopt-initialization.patch 2023-07-01 08:05:21.000000000 +0100
@@ -0,0 +1,14 @@
+Description: Fix memory initialization error in command-line parser
+Author: RW Penney <rwpenney@users.sourceforge.net>
+Forwarded: not-needed
+--- a/cryptmount.c
++++ b/cryptmount.c
+@@ -1372,7 +1372,7 @@
+ #ifdef _GNU_SOURCE
+ struct option *longopts;
+
+- longopts = (struct option*)malloc((n_options + 1) * sizeof(struct option));
++ longopts = (struct option*)calloc(n_options + 1, sizeof(struct option));
+ for (i=0; i<n_options; ++i) {
+ longopts[i].name = opt_table[i].longopt;
+ longopts[i].has_arg = ((opt_table[i].flags & NEEDS_ARG)
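Review bot: in the cryptmount.c hunk, the pointer returned by calloc() is written through by the for loop that follows (longopts[i].name = ...) with no NULL check; as the report notes this is a setuid binary, consider failing with an error message if the allocation returns NULL. The patch Description could also state why zeroing matters: the loop fills only indices 0 to n_options-1, and getopt_long() requires the final array element to be all zeros, which malloc() did not guarantee.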
diff -Nru cryptmount-5.3.3/debian/patches/series cryptmount-5.3.3/debian/patches/series
--- cryptmount-5.3.3/debian/patches/series 2021-01-01 15:19:50.000000000 +0000
+++ cryptmount-5.3.3/debian/patches/series 2023-07-20 11:30:00.000000000 +0100
@@ -1,4 +1,5 @@
docfiles-pathnames.patch
+getopt-initialization.patch
systemd-paths.patch
install-example-cmtab.patch
init.d-script.patch
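An added example, not taken from the cryptmount source or from this report, of the pattern the fix relies on: a getopt_long() table allocated with calloc() so that the entry after the last real option is the all-zero terminator. The option table, its contents and the function names are hypothetical.

```c
#include <getopt.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical option table (constructed for this example). */
struct opt_entry { char shortopt; const char *longopt; int needs_arg; };
static const struct opt_entry opt_table[] = {
    { 'm', "mount",   0 },
    { 'u', "unmount", 0 },
    { 'p', "passwd",  1 },
};
enum { N_OPTIONS = sizeof(opt_table) / sizeof(opt_table[0]) };

/* calloc() zeroes all N_OPTIONS + 1 entries, so index N_OPTIONS is the
 * all-zero terminator getopt_long() needs to find the end of the table. */
struct option *build_longopts(void)
{
    struct option *lo = calloc(N_OPTIONS + 1, sizeof(*lo));
    if (lo == NULL)
        return NULL;                 /* caller must handle failure */
    for (int i = 0; i < N_OPTIONS; ++i) {
        lo[i].name = opt_table[i].longopt;
        lo[i].has_arg = opt_table[i].needs_arg ? required_argument
                                               : no_argument;
        lo[i].val = opt_table[i].shortopt;
    }
    return lo;
}

/* Number of unrecognized options in argv, or -1 if allocation failed. */
int count_bad_options(int argc, char **argv)
{
    struct option *lo = build_longopts();
    int c, bad = 0;
    if (lo == NULL)
        return -1;
    opterr = 0;                      /* suppress getopt's own messages */
    optind = 0;                      /* full rescan (glibc and musl) */
    while ((c = getopt_long(argc, argv, "mup:", lo, NULL)) != -1)
        if (c == '?')
            ++bad;
    free(lo);
    return bad;
}

int main(void)
{
    char *argv[] = { "demo", "--mount", "--bogus", "-x", NULL };
    printf("unrecognized options: %d\n", count_bad_options(4, argv));
    return 0;
}
```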