Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Buffer overflow in libfuse patch #35

Open
Bqleine opened this issue Jul 2, 2024 · 2 comments · May be fixed by #36
Open

Buffer overflow in libfuse patch #35

Bqleine opened this issue Jul 2, 2024 · 2 comments · May be fixed by #36

Comments

@Bqleine
Copy link

Bqleine commented Jul 2, 2024

// For i = 4...99, check if there is a binary called "fusermount" + i
// It is not yet known whether this will work for our purposes, but it is better than not even attempting
for (int i = 4; i < 100; i++) {
prog = findBinaryInFusermountDir("fusermount" + i);
if (access(prog, X_OK) == 0)
return prog;
}

This adds to the string's pointer, it does not make a string concatenation at all. e.g it will lead to the following tries:

  • "rmountXXXX"
  • "mountXXXXX"
  • etc...
    With Xs being invalid memory addresses.
probonopd added a commit that referenced this issue Jul 2, 2024
@probonopd
Fix #35
63a422b 
Closes #35
Thanks @Bqleine
@probonopd probonopd linked a pull request Jul 2, 2024 that will close this issue
Open
@probonopd
Copy link
Member

Actually... won't

https://github.com/AppImage/type2-runtime/pull/32/files

fix this once it finally gets reviewed and merged?

@Bqleine
Copy link
Author

Bqleine commented Jul 3, 2024

The issue also got copied into these repositories:
https://github.com/feather-wallet/feather/blob/c0a5a549f4f78b6e65efd12d4813aa2149afa7f9/contrib/depends/patches/libfuse/mount.c.diff#L4
https://github.com/probonopd/static-tools/blob/f0f6e679a001c4ad0e393f829a2396bf41f59cfe/patches/libfuse/mount.c.diff#L4

@Bqleine Bqleine mentioned this issue Jul 4, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Try to fix #35 AppImage/type2-runtime
2 participants
@probonopd @Bqleine