[ecryptfs-utils/f14] do not use memcpy for overlaping areas fix broken pam module resulting in session with wrong gid

Michal Hlavinka mhlavink at fedoraproject.org
Tue Jul 19 14:28:53 UTC 2011


commit d805cdedabaccb2d1825bd3f3dad569d1f079d3a
Author: Michal Hlavinka <mhlavink at redhat.com>
Date:   Tue Jul 19 16:28:41 2011 +0200

    do not use memcpy for overlapping areas
    fix broken pam module resulting in session with wrong gid

 ecryptfs-utils-87-fixgid.patch    |   58 +++++++++++++++++++++++++++++++++++++
 ecryptfs-utils-87-memcpyfix.patch |   21 +++++++++++++
 ecryptfs-utils.spec               |   14 ++++++++-
 3 files changed, 92 insertions(+), 1 deletions(-)
---
diff --git a/ecryptfs-utils-87-fixgid.patch b/ecryptfs-utils-87-fixgid.patch
new file mode 100644
index 0000000..5b8e39e
--- /dev/null
+++ b/ecryptfs-utils-87-fixgid.patch
@@ -0,0 +1,58 @@
+diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.fixgid ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c
+--- ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.fixgid	2011-07-19 15:58:45.337539138 +0200
++++ ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c	2011-07-19 16:02:09.542029724 +0200
+@@ -217,7 +217,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+ 		}
+ out_child:
+ 		free(auth_tok_sig);
+-		exit(0);
++		_exit(0);
+ 	}
+ 	tmp_pid = waitpid(child_pid, NULL, 0);
+ 	if (tmp_pid == -1)
+@@ -309,7 +309,7 @@ static int private_dir(pam_handle_t *pam
+ 			    pwd->pw_dir) < 0) || recorded == NULL) {
+ 				syslog(LOG_ERR,
+ 				   "Error allocating memory for recorded name");
+-				return 1;
++				_exit(255);
+ 			}
+ 			if (stat(recorded, &s) != 0 && stat("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", &s) == 0) {
+ 				/* User has not recorded their passphrase */
+@@ -322,23 +322,25 @@ static int private_dir(pam_handle_t *pam
+ 				/* User does not want to auto-mount */
+ 				syslog(LOG_INFO,
+ 					"Skipping automatic eCryptfs mount");
+-				return 0;
++				_exit(0);
+ 			}
+ 			/* run mount.ecryptfs_private as the user */
+ 			setresuid(pwd->pw_uid, pwd->pw_uid, pwd->pw_uid);
+ 			execl("/sbin/mount.ecryptfs_private",
+ 			      "mount.ecryptfs_private", NULL);
++			_exit(255);
+ 		} else {
+ 			if (stat(autofile, &s) != 0) {
+ 				/* User does not want to auto-unmount */
+ 				syslog(LOG_INFO,
+ 					"Skipping automatic eCryptfs unmount");
+-				return 0;
++				_exit(0);
+ 			}
+ 			/* run umount.ecryptfs_private as the user */
+ 			setresuid(pwd->pw_uid, pwd->pw_uid, pwd->pw_uid);
+ 			execl("/sbin/umount.ecryptfs_private",
+  			      "umount.ecryptfs_private", NULL);
++			_exit(255);
+ 		}
+ 		return 1;
+ 	} else {
+@@ -482,7 +484,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
+ 			goto out_child;
+ 		}
+ out_child:
+-		exit(0);
++		_exit(0);
+ 	}
+ 	if ((tmp_pid = waitpid(child_pid, NULL, 0)) == -1)
+ 		syslog(LOG_WARNING,
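Review bot: Both `setresuid(pwd->pw_uid, pwd->pw_uid, pwd->pw_uid);` calls ahead of the `execl()` lines in private_dir still discard the return value, so if the privilege drop fails the mount/umount helper is executed with whatever credentials the PAM caller had. The child now ends with `_exit(255)` on its other failure paths, and the same fits here: `if (setresuid(pwd->pw_uid, pwd->pw_uid, pwd->pw_uid) < 0) _exit(255);`. Only the uid is changed in the visible lines; whether the child's group IDs are set elsewhere cannot be told from this hunk, and private_dir starts and ends outside it. The `return 1;` after the if/else looks unreachable now that both branches finish in `_exit()`, so it could be dropped or commented as such.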
diff --git a/ecryptfs-utils-87-memcpyfix.patch b/ecryptfs-utils-87-memcpyfix.patch
new file mode 100644
index 0000000..3e7a5cd
--- /dev/null
+++ b/ecryptfs-utils-87-memcpyfix.patch
@@ -0,0 +1,21 @@
+diff -up ecryptfs-utils-87/src/utils/mount.ecryptfs.c.memcpyfix ecryptfs-utils-87/src/utils/mount.ecryptfs.c
+--- ecryptfs-utils-87/src/utils/mount.ecryptfs.c.memcpyfix	2011-07-11 15:04:00.742821125 +0200
++++ ecryptfs-utils-87/src/utils/mount.ecryptfs.c	2011-07-11 15:04:15.590926517 +0200
+@@ -189,7 +189,7 @@ static int ecryptfs_generate_mount_flags
+ 			*end = '\0';
+ 			break;
+ 		}
+-		memcpy(opt, next_opt, end - next_opt);
++		memmove(opt, next_opt, end - next_opt);
+ 		end = end - (next_opt - opt);
+ 		*end = '\0';
+ 	}
+@@ -416,7 +416,7 @@ static int opts_str_contains_option(char
+ 			*end = '\0';
+ 			break;
+ 		}
+-		memcpy(opt, next_opt, end - next_opt);
++		memmove(opt, next_opt, end - next_opt);
+ 		end = end - (next_opt - opt);
+ 		*end = '\0';
+ 	}
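Review bot: Neither `memmove(opt, next_opt, end - next_opt);` call carries a comment saying why the overlap-safe copy is required, so a later cleanup could quietly turn it back into `memcpy`; a line such as `/* opt and next_opt point into the same string, so source and destination may overlap */` above each call would record it. The length `end - next_opt` is a pointer difference converted to `size_t`, and the lines that establish `next_opt <= end` are outside the hunk, so that precondition is worth confirming in ecryptfs_generate_mount_flags and opts_str_contains_option. The same removal loop appears in both functions, so the fix had to be applied twice; a shared static helper would keep the two copies from drifting apart.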
diff --git a/ecryptfs-utils.spec b/ecryptfs-utils.spec
index 1dd0179..a867436 100644
--- a/ecryptfs-utils.spec
+++ b/ecryptfs-utils.spec
@@ -5,7 +5,7 @@
 
 Name: ecryptfs-utils
 Version: 87
-Release: 4%{?dist}
+Release: 5%{?dist}
 Summary: The eCryptfs mount helper and support libraries
 Group: System Environment/Base
 License: GPLv2+
@@ -38,9 +38,15 @@ Patch10: ecryptfs-utils-87-mtab.patch
 # fedora/rhel specific, check for pam ecryptfs module before home migration
 Patch11: ecryptfs-utils-87-authconfig.patch
 
+# memcpy can't be used on overlaping areas
+Patch12: ecryptfs-utils-87-memcpyfix.patch
+
 # allow building with -Werror
 Patch999: ecryptfs-utils-75-werror.patch
 
+# rhbz#722445
+Patch13: ecryptfs-utils-87-fixgid.patch
+
 BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 Requires: keyutils, cryptsetup-luks, util-linux-ng, gettext
 BuildRequires: libgcrypt-devel keyutils-libs-devel openssl-devel pam-devel
@@ -86,7 +92,9 @@ the interface supplied by the ecryptfs-utils library.
 %patch7 -p1 -b .autoload
 %patch10 -p1 -b .mtabfix
 %patch11 -p1 -b .authconfig
+%patch12 -p1 -b .memcpyfix
 %patch999 -p1 -b .werror
+%patch13 -p1 -b .fixgid
 
 %build
 export CFLAGS="$RPM_OPT_FLAGS -ggdb -O2 -Werror -Wtype-limits"
@@ -214,6 +222,10 @@ rm -rf $RPM_BUILD_ROOT
 %{python_sitearch}/ecryptfs-utils/_libecryptfs.so
 
 %changelog
+* Tue Jul 19 2011 Michal Hlavinka <mhlavink at redhat.com> - 87-5
+- do not use memcpy for overlaping areas
+- fix broken pam module resulting in session with wrong gid
+
 * Thu Jun 09 2011 Michal Hlavinka <mhlavink at redhat.com> - 87-4
 - check for ecryptfs pam module before home dir migration
 

