Try to fix #35 #36
Try to fix #35 #36
Conversation
|
Build artifacts for testing. |
|
Actually... won't https://github.com/AppImage/type2-runtime/pull/32/files fix this once it finally gets reviewed and merged? |
patches/libfuse/mount.c.diff
Outdated
| + prog = findBinaryInFusermountDir("fusermount" + i); | ||
| + if (access(prog, X_OK) == 0) | ||
| + char binaryName[13]; | ||
| + sprintf(binaryName, "fusermount%d", i); |
There was a problem hiding this comment.
Use snprintf which takes the size into account:
| + sprintf(binaryName, "fusermount%d", i); | |
| + sprintf(binaryName, sizeof(binaryName) "fusermount%d", i); |
You should further check the size of the return value:
if (snprintf(...) >= 13)
# alternativelly, since you expect a single digit
if (snprintf(...) != 11)There was a problem hiding this comment.
fusermount4... fusermount99 is what I had in mind
There was a problem hiding this comment.
Not sure what you mean with the further check - in which case would this even be needed?
There was a problem hiding this comment.
If i overflows for whatever reason (might be future changes), snprintf will not render additional digits but it'd be unexpected to run into the limit anyway. It's good practice to check the return value. See, e.g., https://stackoverflow.com/questions/54084570/how-to-detect-snprintf-errors.
Co-authored-by: TheAssassin <[email protected]>
|
The more I look into this, the more it seems like a bad idea. Firstly, @TheAssassin noticed the security issues in your patch and told you, but you merged the patch without more discussion. #11 (comment) Then in the patch you wrote that « For security reasons, we do not search the binary on the $PATH; », but now we are doing it in #32? I don't understand everything but we should seriously reconsider the security implications of doing such a patch. And ask libfuse's developers' opinion, as they either have a good reason of not doing it or could merge it directly upstream and give it a proper review for security issues. Because putting buffer overflows in someone else's code is not ok. |
|
I wish I had more time to work on AppImage and all of my other projects because I know I could handle most of this better, however that's likely not going to change soon. This is a tiny project team wise but has a large impact on users and developers, which is perfectly illustrated by https://xkcd.com/2347/ (change Nebraska to Germany). |
|
Build for testing: |
Closes #35
Thanks @Bqleine