-
Notifications
You must be signed in to change notification settings - Fork 21
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Try to fix #35 #36
Try to fix #35 #36
Conversation
Build artifacts for testing. |
Actually... won't https://github.com/AppImage/type2-runtime/pull/32/files fix this once it finally gets reviewed and merged? |
patches/libfuse/mount.c.diff
Outdated
+ prog = findBinaryInFusermountDir("fusermount" + i); | ||
+ if (access(prog, X_OK) == 0) | ||
+ char binaryName[13]; | ||
+ sprintf(binaryName, "fusermount%d", i); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Use snprintf
which takes the size into account:
+ sprintf(binaryName, "fusermount%d", i); | |
+ sprintf(binaryName, sizeof(binaryName) "fusermount%d", i); |
You should further check the size of the return value:
if (snprintf(...) >= 13)
# alternativelly, since you expect a single digit
if (snprintf(...) != 11)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fusermount4
... fusermount99
is what I had in mind
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure what you mean with the further check - in which case would this even be needed?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If i
overflows for whatever reason (might be future changes), snprintf
will not render additional digits but it'd be unexpected to run into the limit anyway. It's good practice to check the return value. See, e.g., https://stackoverflow.com/questions/54084570/how-to-detect-snprintf-errors.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Had a first glance. Please revisit, I'll have another look afterwards.
Co-authored-by: TheAssassin <[email protected]>
The more I look into this, the more it seems like a bad idea. Firstly, @TheAssassin noticed the security issues in your patch and told you, but you merged the patch without more discussion. #11 (comment) Then in the patch you wrote that « For security reasons, we do not search the binary on the $PATH; », but now we are doing it in #32? I don't understand everything but we should seriously reconsider the security implications of doing such a patch. And ask libfuse's developers' opinion, as they either have a good reason of not doing it or could merge it directly upstream and give it a proper review for security issues. Because putting buffer overflows in someone else's code is not ok. |
I wish I had more time to work on AppImage and all of my other projects because I know I could handle most of this better, however that's likely not going to change soon. This is a tiny project team wise but has a large impact on users and developers, which is perfectly illustrated by https://xkcd.com/2347/ (change Nebraska to Germany). |
Build for testing: |
Closes #35
Thanks @Bqleine