diff options
Diffstat (limited to 'app')
-rw-r--r-- | app/CMakeLists.txt | 2 | ||||
-rw-r--r-- | app/src/main/c/0001-tincctl-restrict-umask-argument-for-FORTIFY.patch | 31 |
2 files changed, 33 insertions, 0 deletions
diff --git a/app/CMakeLists.txt b/app/CMakeLists.txt index 6511df1..1962fbf 100644 --- a/app/CMakeLists.txt +++ b/app/CMakeLists.txt | |||
@@ -56,6 +56,8 @@ ExternalProject_Add(tinc | |||
56 | DEPENDS lzo libressl | 56 | DEPENDS lzo libressl |
57 | URL https://github.com/gsliepen/tinc/archive/f5223937e62e1cc5e9b3d322490dd3af8d666750.tar.gz | 57 | URL https://github.com/gsliepen/tinc/archive/f5223937e62e1cc5e9b3d322490dd3af8d666750.tar.gz |
58 | URL_HASH SHA256=3fe923e8fbb1e0192986039e91d6945ffbbe326ee8c2c0a13bacf80e87dad4a9 | 58 | URL_HASH SHA256=3fe923e8fbb1e0192986039e91d6945ffbbe326ee8c2c0a13bacf80e87dad4a9 |
59 | # TODO: remove patch once merged in upstream (https://github.com/gsliepen/tinc/pull/251) | ||
60 | PATCH_COMMAND patch -p1 < ${PROJECT_SOURCE_DIR}/src/main/c/0001-tincctl-restrict-umask-argument-for-FORTIFY.patch | ||
59 | CONFIGURE_COMMAND autoreconf -fsi <SOURCE_DIR> && | 61 | CONFIGURE_COMMAND autoreconf -fsi <SOURCE_DIR> && |
60 | <SOURCE_DIR>/configure ${xCONFIG} | 62 | <SOURCE_DIR>/configure ${xCONFIG} |
61 | --with-openssl=${CMAKE_CURRENT_BINARY_DIR}/usr/local | 63 | --with-openssl=${CMAKE_CURRENT_BINARY_DIR}/usr/local |
diff --git a/app/src/main/c/0001-tincctl-restrict-umask-argument-for-FORTIFY.patch b/app/src/main/c/0001-tincctl-restrict-umask-argument-for-FORTIFY.patch new file mode 100644 index 0000000..85ab949 --- /dev/null +++ b/app/src/main/c/0001-tincctl-restrict-umask-argument-for-FORTIFY.patch | |||
@@ -0,0 +1,31 @@ | |||
1 | From b6498e6402d9681743b697c1c9f0760448b3be54 Mon Sep 17 00:00:00 2001 | ||
2 | From: pacien <pacien.trangirard@pacien.net> | ||
3 | Date: Wed, 9 Sep 2020 01:24:28 +0200 | ||
4 | Subject: [PATCH] tincctl: restrict umask argument for FORTIFY | ||
5 | |||
6 | `umask(mode)` calls that do not verify `(mode & 0777) == mode` are | ||
7 | rejected when the libc FORTIFY checks are enabled [1]. | ||
8 | |||
9 | The unrestricted `~perms` was indeed making this assertion fail. | ||
10 | |||
11 | [1]: https://android.googlesource.com/platform/bionic/+/refs/tags/android-11.0.0_r3/libc/bionic/fortify.cpp#404 | ||
12 | --- | ||
13 | src/tincctl.c | 2 +- | ||
14 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
15 | |||
16 | diff --git a/src/tincctl.c b/src/tincctl.c | ||
17 | index 08f30189..11c1a96c 100644 | ||
18 | --- a/src/tincctl.c | ||
19 | +++ b/src/tincctl.c | ||
20 | @@ -237,7 +237,7 @@ static bool parse_options(int argc, char **argv) { | ||
21 | FILE *fopenmask(const char *filename, const char *mode, mode_t perms) { | ||
22 | mode_t mask = umask(0); | ||
23 | perms &= ~mask; | ||
24 | - umask(~perms); | ||
25 | + umask(~perms & 0777); | ||
26 | FILE *f = fopen(filename, mode); | ||
27 | |||
28 | if(!f) { | ||
29 | -- | ||
30 | 2.25.4 | ||
31 | |||