From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/14417
Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail
From: Samuel Holland <samuel@sholland.org>
Newsgroups: gmane.linux.lib.musl.general
Subject: [PATCH] use the correct stat structure in the fstat path
Date: Sat, 20 Jul 2019 23:52:26 -0500
Message-ID: <20190721045226.48772-1-samuel@sholland.org>
Reply-To: musl@lists.openwall.com
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226";
	logging-data="38542"; mail-complaints-to="usenet@blaine.gmane.org"
Cc: Samuel Holland <samuel@sholland.org>
To: Rich Felker <dalias@libc.org>,
	musl@lists.openwall.com
Original-X-From: musl-return-14433-gllmg-musl=m.gmane.org@lists.openwall.com Sun Jul 21 06:52:46 2019
Return-path: <musl-return-14433-gllmg-musl=m.gmane.org@lists.openwall.com>
Envelope-to: gllmg-musl@m.gmane.org
Original-Received: from mother.openwall.net ([195.42.179.200])
	by blaine.gmane.org with smtp (Exim 4.89)
	(envelope-from <musl-return-14433-gllmg-musl=m.gmane.org@lists.openwall.com>)
	id 1hp3q1-0009xO-I3
	for gllmg-musl@m.gmane.org; Sun, 21 Jul 2019 06:52:46 +0200
Original-Received: (qmail 26151 invoked by uid 550); 21 Jul 2019 04:52:41 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
List-ID: <musl.lists.openwall.com>
Original-Received: (qmail 26116 invoked from network); 21 Jul 2019 04:52:41 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sholland.org; h=
	from:to:cc:subject:date:message-id:mime-version
	:content-transfer-encoding; s=fm3; bh=F+py4eppTsV5s9YecTGpxjdxSh
	17fxPNqLn5ySZWOkQ=; b=PmiWbGLniqL+SJkU5JN133a8pgKrTgZp038+/GkyjP
	gJzgcNAN+uhPn9Lmv3QY4PXJUi3v+dpkLrJY47Oh1txooqdtK6ZGXrNsl68WqNzI
	0TcUYSFeIBdlhCURnyItmCyxCh/eYfA92qVGwNvVvRde7ZX/b4K13yfY+CBee/+p
	iyJbnv3DM2BcbrFUrFUi+31pF+6vfnVZumDfZCZjGGPVz6BcGpU9vcIHDj6itrFW
	eydeFRCMGLcyL2MEAgfblm1nQ3jjWfIv3LP3spoYO9rX+2OnXNFsOH+mStwl9paP
	QtdhM9XqAqaYd8Lo8BcgOI4enR/NDNMgF2tHxkg9rBQA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:content-transfer-encoding:date:from
	:message-id:mime-version:subject:to:x-me-proxy:x-me-proxy
	:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=F+py4eppTsV5s9Yec
	TGpxjdxSh17fxPNqLn5ySZWOkQ=; b=eGsd0ptmFJffOAlUtRpMKmYtwaUePHmX2
	PMAwmRkgwyox/bO/0nSEINtSTk2x5cGDcDP5v7dcoflOgz56qwFeZxbCJTTDqYAm
	QuJSB0otuLkTOP2X3eHxW5X+2QIRL/IaGoBRkCjpIso9eRRWECjg2QwbKjJGDHnq
	SD3VoXuItne/Vntzs60lPxuXMA8MP+fJqPlUjNufTSyEBj4K5pXQNfwAWh21dBf5
	uN5+xZ2f5wi7zndxGJI+ce4pmvyp9DNWdP6CK7TrWhr6Qb0uUlRJvkN1QwRt4POh
	VijG7eB8ljKYNYiwHqHvmsGY+/RWQNNuBtdATYzn4LZwNIrTQDeoQ==
X-ME-Sender: <xms:jO8zXX6IyhLFC2b8tn0hhk0RJeWdDUhGO71-XcEAJ7Xx1IxX0MNrzA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduvddrjedtgdeludcutefuodetggdotefrodftvf
    curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu
    uegrihhlohhuthemuceftddtnecunecujfgurhephffvufffkffoggfgsedtkeertdertd
    dtnecuhfhrohhmpefurghmuhgvlhcujfholhhlrghnugcuoehsrghmuhgvlhesshhhohhl
    lhgrnhgurdhorhhgqeenucfkphepjedtrddufeehrddugeekrdduhedunecurfgrrhgrmh
    epmhgrihhlfhhrohhmpehsrghmuhgvlhesshhhohhllhgrnhgurdhorhhgnecuvehluhhs
    thgvrhfuihiivgeptd
X-ME-Proxy: <xmx:jO8zXQJag0NhvYXWBj1DyoSqB7S_NfvNAz8Gbgj375x9bcIDbM-scw>
    <xmx:jO8zXX6ibWDprzBNiqXX7h1tdqDsH0P8GB7pEwgRxiq3ELCcg-fa0g>
    <xmx:jO8zXTzfNAn0_hb_IPpAIY5ikkuUTaSPzKA48n86UOiEv95NZK61Ew>
    <xmx:je8zXaWpeJiUgj8rFwUadYpGa7_ncAA2g9_N7YjYOvSVVQptCOXvxQ>
X-Mailer: git-send-email 2.21.0
Xref: news.gmane.org gmane.linux.lib.musl.general:14417
Archived-At: <http://permalink.gmane.org/gmane.linux.lib.musl.general/14417>

commit 01ae3fc6d48f4a45535189b7a6db286535af08ca modified fstatat to
translate the kernel's struct stat ("kstat") into the libc struct stat.
To do this, it created a local kstat object, and copied its contents
into the user-provided object.

However, the commit neglected to update the fstat compatibility path and
its fallbacks. They continued to pass the user-supplied object to the
kernel, later overwiting it with the uninitialized memory in the local
temporary.
---
 src/stat/fstatat.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/stat/fstatat.c b/src/stat/fstatat.c
index 7de75462..d915fa10 100644
--- a/src/stat/fstatat.c
+++ b/src/stat/fstatat.c
@@ -67,16 +67,16 @@ static int fstatat_kstat(int fd, const char *restrict path, struct stat *restric
 	struct kstat kst;
 
 	if (flag==AT_EMPTY_PATH && fd>=0 && !*path) {
-		ret = __syscall(SYS_fstat, fd, st);
+		ret = __syscall(SYS_fstat, fd, &kst);
 		if (ret==-EBADF && __syscall(SYS_fcntl, fd, F_GETFD)>=0) {
-			ret = __syscall(SYS_fstatat, fd, path, st, flag);
+			ret = __syscall(SYS_fstatat, fd, path, &kst, flag);
 			if (ret==-EINVAL) {
 				char buf[15+3*sizeof(int)];
 				__procfdname(buf, fd);
 #ifdef SYS_stat
-				ret = __syscall(SYS_stat, buf, st);
+				ret = __syscall(SYS_stat, buf, &kst);
 #else
-				ret = __syscall(SYS_fstatat, AT_FDCWD, buf, st, 0);
+				ret = __syscall(SYS_fstatat, AT_FDCWD, buf, &kst, 0);
 #endif
 			}
 		}
-- 
2.21.0