File fce-afpd-fix-fce_event_names-array-overflow.patch of Package netatalk

Overview Repositories Revisions Requests Users Attributes Meta

File fce-afpd-fix-fce_event_names-array-overflow.patch of Package netatalk

From: Jeff Mahoney <jeffm@suse.com>
Subject: fce: afpd: fix fce_event_names array overflow

Commit 04ba0da53534 (fce: afpd: fix event names array) increased the size
fce_event_names to accomodate the logout name but then initializes two
more names that are outside of the array bounds.

To avoid similar bugs in the future, the array should really be declared
with designated initializers, but that's a C99 (and/or gcc) feature.
I'm not familiar with the compilers shipped with systems that netatalk
supports, other than Linux, to know if that's safe to use.

For now, we'll just bump up FCE_LAST_EVENT to reflect that FCE_CONN_BROKEN
has the highest value.

Behavior varies based on whatever follows fce_event_names in the afpd
executable. For my local build, fce_event_names[FCE_CONN_START] and fce_event_names[FCE_CONN_BROKEN] collide with the pathname static variable in of_statdir.
The effect would be that if of_statdir has been called and
we issue an FCE_CONN_BROKEN event with a notify script configured, we'll
crash while composing the script command line.
---
 include/atalk/fce_api.h |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff -Naur a/include/atalk/fce_api.h b/include/atalk/fce_api.h
--- a/include/atalk/fce_api.h	2015-01-12 01:33:02.000000000 -0600
+++ b/include/atalk/fce_api.h	2015-12-29 16:19:38.760268844 -0600
@@ -28,7 +28,7 @@
 #define FCE_LOGOUT          9
 /* keep in sync with public FCE events */
 #define FCE_FIRST_EVENT     FCE_FILE_MODIFY
-#define FCE_LAST_EVENT      FCE_LOGOUT
+#define FCE_LAST_EVENT      FCE_CONN_BROKEN

Places

File fce-afpd-fix-fce_event_names-array-overflow.patch of Package netatalk

Places