Fix undefined behaviour with O_RDONLY|O_CREAT in rofiles-fuse

diff --git a/debian/changelog b/debian/changelog
index 4f80a9ddec7c48601ca8e9fd60256c722ace4d10..3137657b96623e474442f97ce11b12e6ab921087 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,8 @@ ostree (2017.11-2) UNRELEASED; urgency=medium
   * Add a patch to fix FTBFS in non-English locales
   * Add a patch to fix FTBFS if building as root with umask != 022,
     which for some reason debomatic does (Closes: #876138)
+  * Add a patch from upstream to fix undefined behaviour with
+    O_RDONLY|O_CREAT in rofiles-fuse
 
  -- Simon McVittie <smcv@debian.org>  Tue, 19 Sep 2017 10:37:12 +0100
 

diff --git a/debian/patches/2017.12/rofiles-fuse-also-pass-mode-for-O_RDONLY.patch b/debian/patches/2017.12/rofiles-fuse-also-pass-mode-for-O_RDONLY.patch
new file mode 100644 (file)
index 0000000..e12dd2b
--- /dev/null
+++ b/debian/patches/2017.12/rofiles-fuse-also-pass-mode-for-O_RDONLY.patch
@@ -0,0 +1,70 @@
+From: Jonathan Lebon <jlebon@redhat.com>
+Date: Wed, 20 Sep 2017 18:38:16 +0000
+Subject: rofiles-fuse: also pass mode for O_RDONLY
+
+In the `O_RDONLY` case, we were calling `openat` without a mode
+argument. However, it's perfectly legal (albeit unusual) to do
+`open(O_RDONLY|O_CREAT)`. One such application that makes use of this is
+`flock(1)`.
+
+This was actually caught by `_FORTIFY_SOURCE=2`, and once we run
+`rofiles-fuse` with `-f`, the message is clear:
+
+```
+*** invalid openat64 call: O_CREAT or O_TMPFILE without mode ***:
+rofiles-fuse terminated
+======= Backtrace: =========
+/lib64/libc.so.6(+0x7c8dc)[0x7f36d9f188dc]
+/lib64/libc.so.6(__fortify_fail+0x37)[0x7f36d9fbfaa7]
+/lib64/libc.so.6(+0x10019a)[0x7f36d9f9c19a]
+rofiles-fuse[0x401768]
+...
+```
+
+Without `_FORTIFY_SOURCE`, the file gets created, but its mode is
+completely random.
+
+I ran into this while investigating
+https://github.com/projectatomic/rpm-ostree/pull/1003.
+
+Closes: #1200
+Approved by: cgwalters
+Origin: upstream, 2017.12, commit:d4c7093e370843c57eab2f89f0c39ef449e6b32e
+---
+ src/rofiles-fuse/main.c    | 2 +-
+ tests/test-rofiles-fuse.sh | 5 ++++-
+ 2 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/src/rofiles-fuse/main.c b/src/rofiles-fuse/main.c
+index 6deaa6d..f2b1b65 100644
+--- a/src/rofiles-fuse/main.c
++++ b/src/rofiles-fuse/main.c
+@@ -313,7 +313,7 @@ do_open (const char *path, mode_t mode, struct fuse_file_info *finfo)
+   if ((finfo->flags & O_ACCMODE) == O_RDONLY)
+     {
+       /* Read */
+-      fd = openat (basefd, path, finfo->flags);
++      fd = openat (basefd, path, finfo->flags, mode);
+       if (fd == -1)
+         return -errno;
+     }
+diff --git a/tests/test-rofiles-fuse.sh b/tests/test-rofiles-fuse.sh
+index d329d76..6222929 100755
+--- a/tests/test-rofiles-fuse.sh
++++ b/tests/test-rofiles-fuse.sh
+@@ -26,7 +26,7 @@ skip_without_user_xattrs
+ 
+ setup_test_repository "bare"
+ 
+-echo "1..7"
++echo "1..8"
+ 
+ cd ${test_tmpdir}
+ mkdir mnt
+@@ -114,3 +114,6 @@ fi
+ assert_file_has_content err.txt "Unable to do hardlink checkout across devices"
+ 
+ echo "ok checkout copy fallback"
++
++# check that O_RDONLY|O_CREAT is handled correctly; used by flock(1) at least
++flock mnt/nonexistent-file echo "ok create file in ro mode"

diff --git a/debian/patches/series b/debian/patches/series
index d89120cd65aa2483745c64c4a0b4cbbfea94d378..109f6e8e2c1a2d8207f7702e01763322e167c289 100644 (file)
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 2017.12/tests-Fix-JavaScript-tests-with-gjs-1.50.0.patch
 2017.12/tests-Explicitly-unset-LANGUAGE-after-setting-LC_ALL.patch
 2017.12/tests-Reset-umask-to-022-while-creating-test-repository.patch
+2017.12/rofiles-fuse-also-pass-mode-for-O_RDONLY.patch