Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <e666541d-251d-db68-838a-9fedf473a7ca@mail.ustc.edu.cn>
Date: Wed, 6 Apr 2022 01:09:13 +0800
From: Keyu Tao <taoky@...l.ustc.edu.cn>
To: musl@...ts.openwall.com
Subject: getmntent() fails to parse when source is empty string

Hi,

The first argument (const char *source) of mount(2) can be an empty 
string like this:

mount("", "/tmp/test1", "tmpfs", MS_NODEV | MS_NOSUID, NULL);

After mounting in Linux, the /etc/mtab shows this mountpoint like:

  /tmp/test1 tmpfs rw,nosuid,nodev,relatime,inode64 0 0

However, getmntent_r() in musl (in L42 of root/src/misc/mntent.c) uses 
sscanf() to parse mounted filesystem description:

cnt = sscanf(linebuf, " %n%*s%n %n%*s%n %n%*s%n %n%*s%n %d %d", ...)

When parsing the weird mountpoint, the value of cnt is 1: the mountpoint 
gets ignored and the do-while loop continues. I'm wondering whether it 
would be considered as a bug of musl.

Thank you.

(P.S: I'm not subscribed to the mail list and I would like to be Cc'd on 
replies)

===

Reproduction (in an Alpine 3.15 container on Debian 11, kernel version = 
5.15.0-0.bpo.3-amd64):

$ sudo docker run -it --rm --privileged -v /tmp:/test alpine:3.15
/ # apk add build-base
/ # cat /test/mount.c
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <errno.h>
#include <stdio.h>

int main(void) {
     int ret = mkdir("/tmp/test1", 0777);
     if (ret && errno != EEXIST) {
         perror("mkdir (1)");
     }
     ret = mount("", "/tmp/test1", "tmpfs", MS_NODEV | MS_NOSUID, NULL);
     if (ret) {
         perror("mount (1)");
     }
     ret = mkdir("/tmp/test2", 0777);
     if (ret && errno != EEXIST) {
         perror("mkdir (2)");
     }
     ret = mount(NULL, "/tmp/test2", "tmpfs", MS_NODEV | MS_NOSUID, NULL);
     if (ret) {
         perror("mount (2)");
     }
     // umount("/tmp/test1");
     // umount("/tmp/test2");
     return 0;
}
/ # gcc /test/mount.c
/ # ./a.out
/ # mount
(other mountpoints omitted)
devpts on /dev/console type devpts 
(rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=666)
none on /tmp/test2 type tmpfs (rw,nosuid,nodev,relatime,inode64)
/ # cat /etc/mtab
(other mountpoints omitted)
devpts /dev/console devpts 
rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=666 0 0
  /tmp/test1 tmpfs rw,nosuid,nodev,relatime,inode64 0 0
none /tmp/test2 tmpfs rw,nosuid,nodev,relatime,inode64 0 0

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.