-rw-r--r--app/CMakeLists.txt2
-rw-r--r--app/src/main/c/0001-tincctl-restrict-umask-argument-for-FORTIFY.patch31
2 files changed, 33 insertions, 0 deletions
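--- a/app/CMakeLists.txt
+++ b/app/CMakeLists.txt
@@ -56,6 +56,8 @@ ExternalProject_Add(tinc
 DEPENDS lzo libressl
 URL https://github.com/gsliepen/tinc/archive/f5223937e62e1cc5e9b3d322490dd3af8d666750.tar.gz
 URL_HASH SHA256=3fe923e8fbb1e0192986039e91d6945ffbbe326ee8c2c0a13bacf80e87dad4a9
+# TODO: remove patch once merged in upstream (https://github.com/gsliepen/tinc/pull/251)
+PATCH_COMMAND patch -p1 < ${PROJECT_SOURCE_DIR}/src/main/c/0001-tincctl-restrict-umask-argument-for-FORTIFY.patch
 CONFIGURE_COMMAND autoreconf -fsi <SOURCE_DIR> &&
 <SOURCE_DIR>/configure ${xCONFIG}
 --with-openssl=${CMAKE_CURRENT_BINARY_DIR}/usr/local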
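Review bot: The added `PATCH_COMMAND` feeds the patch through a shell redirect (`patch -p1 < …`), which only works when the generator runs the step through a shell, and it lets `patch` apply with its default fuzz. Passing the file with `-i` and disabling fuzz, e.g. `PATCH_COMMAND patch -p1 -F0 -i ${PROJECT_SOURCE_DIR}/src/main/c/0001-tincctl-restrict-umask-argument-for-FORTIFY.patch`, makes the step fail loudly if the pinned tinc tarball is later bumped and the context no longer matches exactly. That matters here because `URL` and `URL_HASH` pin the upstream source, but nothing pins what the tree looks like after patching. The `ExternalProject_Add(tinc` call starts and ends outside the hunk.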
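--- /dev/null
+++ b/app/src/main/c/0001-tincctl-restrict-umask-argument-for-FORTIFY.patch
@@ -0,0 +1,31 @@
+From b6498e6402d9681743b697c1c9f0760448b3be54 Mon Sep 17 00:00:00 2001
+From: pacien <pacien.trangirard@pacien.net>
+Date: Wed, 9 Sep 2020 01:24:28 +0200
+Subject: [PATCH] tincctl: restrict umask argument for FORTIFY
+
+`umask(mode)` calls that do not verify `(mode & 0777) == mode` are
+rejected when the libc FORTIFY checks are enabled [1].
+
+The unrestricted `~perms` was indeed making this assertion fail.
+
+[1]: https://android.googlesource.com/platform/bionic/+/refs/tags/android-11.0.0_r3/libc/bionic/fortify.cpp#404
+---
+ src/tincctl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/tincctl.c b/src/tincctl.c
+index 08f30189..11c1a96c 100644
+--- a/src/tincctl.c
++++ b/src/tincctl.c
+@@ -237,7 +237,7 @@ static bool parse_options(int argc, char **argv) {
+ FILE *fopenmask(const char *filename, const char *mode, mode_t perms) {
+ mode_t mask = umask(0);
+ perms &= ~mask;
+- umask(~perms);
++ umask(~perms & 0777);
+ FILE *f = fopen(filename, mode);
+
+ if(!f) {
+--
+2.25.4
+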
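Review bot: The masked call `umask(~perms & 0777)` on patch line 25 carries no comment saying why the mask is there, so a later cleanup could drop it and bring back the FORTIFY rejection described in the commit message. I would add `/* umask() takes permission bits only; ~perms also sets higher bits, which bionic's FORTIFY check rejects */` directly above it. Separately, `fopenmask` still restricts the new file's mode by swapping the process-wide umask around `fopen()`, starting from `umask(0)`; if any other thread creates files in that window they get a looser mask than intended, though whether tincctl ever runs this multi-threaded is not visible here. The function body continues past the end of the hunk, so the restore of the saved `mask` is not shown.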