Diffstat (limited to 'system/vlock/10_fix-buffer-overflow.patch')
-rw-r--r--system/vlock/10_fix-buffer-overflow.patch49
1 files changed, 49 insertions, 0 deletions
diff --git a/system/vlock/10_fix-buffer-overflow.patch b/system/vlock/10_fix-buffer-overflow.patch
new file mode 100644
index 0000000000..2fe07386fe
--- /dev/null
+++ b/system/vlock/10_fix-buffer-overflow.patch
@@ -0,0 +1,49 @@
+Description: do not use fd_set with potentially large indices
+Author: Helmut Grohne <helmut@subdivi.de>
+Bug-Debian: http://bugs.debian.org/754594
+Last-Update: 2014-07-15
+
+--- vlock-2.2.2.orig/src/process.c
++++ vlock-2.2.2/src/process.c
+@@ -107,7 +107,7 @@ void ensure_death(pid_t pid)
+
+ /* Close all possibly open file descriptors except the ones specified in the
+ * given set. */
+-static void close_fds(fd_set *except_fds)
++static void close_fds(int except_fd)
+ {
+ struct rlimit r;
+ int maxfd;
+@@ -122,7 +122,8 @@ static void close_fds(fd_set *except_fds
+ /* Close all possibly open file descriptors except STDIN_FILENO,
+ * STDOUT_FILENO and STDERR_FILENO. */
+ for (int fd = 0; fd < maxfd; fd++)
+- if (!FD_ISSET(fd, except_fds))
++ if(fd != STDIN_FILENO && fd != STDOUT_FILENO && fd != STDERR_FILENO
++ && fd != except_fd)
+ (void) close(fd);
+ }
+
+@@ -175,7 +176,6 @@ bool create_child(struct child_process *
+
+ if (child->pid == 0) {
+ /* Child. */
+- fd_set except_fds;
+
+ if (child->stdin_fd == REDIRECT_PIPE)
+ (void) dup2(stdin_pipe[0], STDIN_FILENO);
+@@ -198,13 +198,7 @@ bool create_child(struct child_process *
+ else if (child->stderr_fd != NO_REDIRECT)
+ (void) dup2(child->stderr_fd, STDERR_FILENO);
+
+- FD_ZERO(&except_fds);
+- FD_SET(STDIN_FILENO, &except_fds);
+- FD_SET(STDOUT_FILENO, &except_fds);
+- FD_SET(STDERR_FILENO, &except_fds);
+- FD_SET(status_pipe[1], &except_fds);
+-
+- (void) close_fds(&except_fds);
++ (void) close_fds(status_pipe[1]);
+
+ (void) setgid(getgid());
+ (void) setuid(getuid());
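Review bot: The comment above close_fds still says descriptors are spared when they are "specified in the given set", but the patched function takes a single `int except_fd` and hard-codes the three standard descriptors, so the comment no longer matches the contract. I would reword it to `/* Close all possibly open file descriptors except STDIN_FILENO, STDOUT_FILENO, STDERR_FILENO and except_fd. */`. Separately, the unchanged context at the end of the last inner hunk shows `(void) setgid(getgid());` and `(void) setuid(getuid());` with both results discarded. If the binary is installed with elevated privileges, a failed drop would leave the child running with them, so a follow-up patch that checks both calls and fails the child on error would be worth carrying next to this one. create_child continues past the end of the hunk, so whatever follows the setuid call is not visible here.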