diff options
| author | Denis Vlasenko <vda.linux@googlemail.com> | 2008-03-17 08:46:43 +0000 |
|---|---|---|
| committer | Denis Vlasenko <vda.linux@googlemail.com> | 2008-03-17 08:46:43 +0000 |
| commit | a4522c5a66fab931328e2423f41716fba3a6fbfd (patch) | |
| tree | 683e186767f30580a6ee6ea14013997159c1a88a | |
| parent | afc4113ed747330c7f0cc281618bf3e19579810d (diff) | |
| download | busybox-w32-a4522c5a66fab931328e2423f41716fba3a6fbfd.tar.gz busybox-w32-a4522c5a66fab931328e2423f41716fba3a6fbfd.tar.bz2 busybox-w32-a4522c5a66fab931328e2423f41716fba3a6fbfd.zip | |
mount: plug a hole where FEATURE_MOUNT_HELPERS could allow execution
of arbitrary command.
function old new delta
mount_it_now 266 309 +43
| -rw-r--r-- | util-linux/mount.c | 40 |
1 files changed, 22 insertions, 18 deletions
diff --git a/util-linux/mount.c b/util-linux/mount.c index b19c3a3ef..e41707e38 100644 --- a/util-linux/mount.c +++ b/util-linux/mount.c | |||
| @@ -56,9 +56,9 @@ static struct mntent *getmntent_r(FILE* stream, struct mntent* result, char* buf | |||
| 56 | 56 | ||
| 57 | // Not real flags, but we want to be able to check for this. | 57 | // Not real flags, but we want to be able to check for this. |
| 58 | enum { | 58 | enum { |
| 59 | MOUNT_USERS = (1<<28)*ENABLE_DESKTOP, | 59 | MOUNT_USERS = (1 << 28) * ENABLE_DESKTOP, |
| 60 | MOUNT_NOAUTO = (1<<29), | 60 | MOUNT_NOAUTO = (1 << 29), |
| 61 | MOUNT_SWAP = (1<<30), | 61 | MOUNT_SWAP = (1 << 30), |
| 62 | }; | 62 | }; |
| 63 | 63 | ||
| 64 | 64 | ||
| @@ -238,8 +238,7 @@ static int verbose_mount(const char *source, const char *target, | |||
| 238 | errno = 0; | 238 | errno = 0; |
| 239 | rc = mount(source, target, filesystemtype, mountflags, data); | 239 | rc = mount(source, target, filesystemtype, mountflags, data); |
| 240 | if (verbose >= 2) | 240 | if (verbose >= 2) |
| 241 | bb_perror_msg("would do mount('%s','%s','%s',0x%08lx,'%s'):%d" | 241 | bb_perror_msg("mount('%s','%s','%s',0x%08lx,'%s'):%d", |
| 242 | + (sizeof("would do ")-1), | ||
| 243 | source, target, filesystemtype, | 242 | source, target, filesystemtype, |
| 244 | mountflags, (char*)data, rc); | 243 | mountflags, (char*)data, rc); |
| 245 | return rc; | 244 | return rc; |
| @@ -407,7 +406,7 @@ static int mount_it_now(struct mntent *mp, long vfsflags, char *filteropts) | |||
| 407 | if (ENABLE_FEATURE_MOUNT_HELPERS && rc) { | 406 | if (ENABLE_FEATURE_MOUNT_HELPERS && rc) { |
| 408 | char *args[6]; | 407 | char *args[6]; |
| 409 | int errno_save = errno; | 408 | int errno_save = errno; |
| 410 | args[0] = mp->mnt_type; | 409 | args[0] = xasprintf("mount.%s", mp->mnt_type); |
| 411 | rc = 1; | 410 | rc = 1; |
| 412 | if (filteropts) { | 411 | if (filteropts) { |
| 413 | args[rc++] = (char *)"-o"; | 412 | args[rc++] = (char *)"-o"; |
| @@ -417,6 +416,7 @@ static int mount_it_now(struct mntent *mp, long vfsflags, char *filteropts) | |||
| 417 | args[rc++] = mp->mnt_dir; | 416 | args[rc++] = mp->mnt_dir; |
| 418 | args[rc] = NULL; | 417 | args[rc] = NULL; |
| 419 | rc = wait4pid(spawn(args)); | 418 | rc = wait4pid(spawn(args)); |
| 419 | free(args[0]); | ||
| 420 | if (!rc) | 420 | if (!rc) |
| 421 | break; | 421 | break; |
| 422 | errno = errno_save; | 422 | errno = errno_save; |
| @@ -1556,8 +1556,8 @@ static int singlemount(struct mntent *mp, int ignore_busy) | |||
| 1556 | 1556 | ||
| 1557 | // Treat fstype "auto" as unspecified. | 1557 | // Treat fstype "auto" as unspecified. |
| 1558 | 1558 | ||
| 1559 | if (mp->mnt_type && strcmp(mp->mnt_type,"auto") == 0) | 1559 | if (mp->mnt_type && strcmp(mp->mnt_type, "auto") == 0) |
| 1560 | mp->mnt_type = 0; | 1560 | mp->mnt_type = NULL; |
| 1561 | 1561 | ||
| 1562 | // Might this be a virtual filesystem? | 1562 | // Might this be a virtual filesystem? |
| 1563 | 1563 | ||
| @@ -1566,6 +1566,8 @@ static int singlemount(struct mntent *mp, int ignore_busy) | |||
| 1566 | ) { | 1566 | ) { |
| 1567 | char *s, *p, *args[35]; | 1567 | char *s, *p, *args[35]; |
| 1568 | int n = 0; | 1568 | int n = 0; |
| 1569 | // FIXME: does it allow execution of arbitrary commands?! | ||
| 1570 | // What args[0] can end up with? | ||
| 1569 | for (s = p = mp->mnt_fsname; *s && n < 35-3; ++s) { | 1571 | for (s = p = mp->mnt_fsname; *s && n < 35-3; ++s) { |
| 1570 | if (s[0] == '#' && s[1] != '#') { | 1572 | if (s[0] == '#' && s[1] != '#') { |
| 1571 | *s = '\0'; | 1573 | *s = '\0'; |
| @@ -1583,9 +1585,9 @@ static int singlemount(struct mntent *mp, int ignore_busy) | |||
| 1583 | // Might this be an CIFS filesystem? | 1585 | // Might this be an CIFS filesystem? |
| 1584 | 1586 | ||
| 1585 | if (ENABLE_FEATURE_MOUNT_CIFS | 1587 | if (ENABLE_FEATURE_MOUNT_CIFS |
| 1586 | && (!mp->mnt_type || strcmp(mp->mnt_type,"cifs") == 0) | 1588 | && (!mp->mnt_type || strcmp(mp->mnt_type, "cifs") == 0) |
| 1587 | && (mp->mnt_fsname[0]=='/' || mp->mnt_fsname[0]=='\\') | 1589 | && (mp->mnt_fsname[0] == '/' || mp->mnt_fsname[0] == '\\') |
| 1588 | && mp->mnt_fsname[0]==mp->mnt_fsname[1] | 1590 | && mp->mnt_fsname[0] == mp->mnt_fsname[1] |
| 1589 | ) { | 1591 | ) { |
| 1590 | len_and_sockaddr *lsa; | 1592 | len_and_sockaddr *lsa; |
| 1591 | char *ip, *dotted; | 1593 | char *ip, *dotted; |
| @@ -1725,7 +1727,9 @@ int mount_main(int argc, char **argv) | |||
| 1725 | { | 1727 | { |
| 1726 | enum { OPT_ALL = 0x10 }; | 1728 | enum { OPT_ALL = 0x10 }; |
| 1727 | 1729 | ||
| 1728 | char *cmdopts = xstrdup(""), *fstype=0, *storage_path=0; | 1730 | char *cmdopts = xstrdup(""); |
| 1731 | char *fstype = NULL; | ||
| 1732 | char *storage_path = NULL; | ||
| 1729 | char *opt_o; | 1733 | char *opt_o; |
| 1730 | const char *fstabname; | 1734 | const char *fstabname; |
| 1731 | FILE *fstab; | 1735 | FILE *fstab; |
| @@ -1744,7 +1748,7 @@ int mount_main(int argc, char **argv) | |||
| 1744 | append_mount_options(&cmdopts, argv[i]+2); | 1748 | append_mount_options(&cmdopts, argv[i]+2); |
| 1745 | } else argv[j++] = argv[i]; | 1749 | } else argv[j++] = argv[i]; |
| 1746 | } | 1750 | } |
| 1747 | argv[j] = 0; | 1751 | argv[j] = NULL; |
| 1748 | argc = j; | 1752 | argc = j; |
| 1749 | 1753 | ||
| 1750 | // Parse remaining options | 1754 | // Parse remaining options |
| @@ -1895,12 +1899,13 @@ int mount_main(int argc, char **argv) | |||
| 1895 | 1899 | ||
| 1896 | } else { | 1900 | } else { |
| 1897 | // Do we need to match a filesystem type? | 1901 | // Do we need to match a filesystem type? |
| 1898 | if (fstype && match_fstype(mtcur, fstype)) continue; | 1902 | if (fstype && match_fstype(mtcur, fstype)) |
| 1903 | continue; | ||
| 1899 | 1904 | ||
| 1900 | // Skip noauto and swap anyway. | 1905 | // Skip noauto and swap anyway. |
| 1901 | 1906 | ||
| 1902 | if (parse_mount_options(mtcur->mnt_opts, 0) | 1907 | if (parse_mount_options(mtcur->mnt_opts, 0) & (MOUNT_NOAUTO | MOUNT_SWAP)) |
| 1903 | & (MOUNT_NOAUTO | MOUNT_SWAP)) continue; | 1908 | continue; |
| 1904 | 1909 | ||
| 1905 | // No, mount -a won't mount anything, | 1910 | // No, mount -a won't mount anything, |
| 1906 | // even user mounts, for mere humans. | 1911 | // even user mounts, for mere humans. |
| @@ -1909,9 +1914,8 @@ int mount_main(int argc, char **argv) | |||
| 1909 | bb_error_msg_and_die(must_be_root); | 1914 | bb_error_msg_and_die(must_be_root); |
| 1910 | 1915 | ||
| 1911 | // Mount this thing. | 1916 | // Mount this thing. |
| 1912 | if (ENABLE_FEATURE_MOUNT_LABEL) { | 1917 | if (ENABLE_FEATURE_MOUNT_LABEL) |
| 1913 | resolve_mount_spec(&mtpair->mnt_fsname); | 1918 | resolve_mount_spec(&mtpair->mnt_fsname); |
| 1914 | } | ||
| 1915 | 1919 | ||
| 1916 | // NFS mounts want this to be xrealloc-able | 1920 | // NFS mounts want this to be xrealloc-able |
| 1917 | mtcur->mnt_opts = xstrdup(mtcur->mnt_opts); | 1921 | mtcur->mnt_opts = xstrdup(mtcur->mnt_opts); |