From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 9A402138247 for ; Thu, 9 Oct 2014 02:40:32 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 2ACEEE0876; Thu, 9 Oct 2014 02:40:31 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id D4233E0876 for ; Thu, 9 Oct 2014 02:40:30 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 7B969340421 for ; Thu, 9 Oct 2014 02:40:29 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 55BF075E2 for ; Thu, 9 Oct 2014 02:40:27 +0000 (UTC) From: "Anthony G. Basile" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Anthony G. Basile" Message-ID: <1412822331.24d22f45656fb88c63763ca319a2275b8f642d9e.blueness@gentoo> Subject: [gentoo-commits] proj/elfix:master commit in: misc/install-xattr/ X-VCS-Repository: proj/elfix X-VCS-Files: misc/install-xattr/install-xattr.c X-VCS-Directories: misc/install-xattr/ X-VCS-Committer: blueness X-VCS-Committer-Name: Anthony G. Basile X-VCS-Revision: 24d22f45656fb88c63763ca319a2275b8f642d9e X-VCS-Branch: master Date: Thu, 9 Oct 2014 02:40:27 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 4bf2caa8-ad4a-4bc6-bbdf-1a13f9ad9279 X-Archives-Hash: 58211a79b502cf30b7174d2261421844 commit: 24d22f45656fb88c63763ca319a2275b8f642d9e Author: Zac Medico gentoo org> AuthorDate: Thu Oct 9 02:38:51 2014 +0000 Commit: Anthony G. Basile gentoo org> CommitDate: Thu Oct 9 02:38:51 2014 +0000 URL: http://sources.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=24d22f45 misc/install-xattr: correct potential fork bomb The which() function compares portage_helper_path, to canpath and skips it when appropriate: if (portage_helper_path) if (!strcmp(portage_helper_path, canpath)) goto skip; However, portage_helper_path has not been canonicalized with the realpath function, so strcmp can return false even though the paths are equivalent. This may occurs when /usr/lib is a symlink to /usr/lib64. X-Gentoo-Bug: 523994 X-Gentoo-Bug-URL: https://bugs.gentoo.org/523994 --- misc/install-xattr/install-xattr.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/misc/install-xattr/install-xattr.c b/misc/install-xattr/install-xattr.c index 805c0a4..2f349df 100644 --- a/misc/install-xattr/install-xattr.c +++ b/misc/install-xattr/install-xattr.c @@ -325,6 +325,7 @@ main(int argc, char* argv[]) */ char *oldpwd = getenv("OLDPWD"); char *portage_helper_path = getenv("__PORTAGE_HELPER_PATH"); + char *portage_helper_canpath = NULL; if (portage_helper_path) chdir(oldpwd); @@ -334,8 +335,11 @@ main(int argc, char* argv[]) case 0: /* find system install avoiding mypath and portage_helper_path! */ - install = which(mypath, portage_helper_path); + if (portage_helper_path) + portage_helper_canpath = realpath(portage_helper_path, NULL); + install = which(mypath, portage_helper_canpath); free(mypath); + free(portage_helper_canpath); argv[0] = install; /* so coreutils' lib/program.c behaves */ execv(install, argv); /* The kernel will free(install). */ err(1, "execv() failed");