Hi all,
I am in the process of updating Pardus Linux util-linux package to
util-linux-ng and I saw some important patches are missing. One of them is
the fix for CVE-2007-0822, the patch is from Mandriva.
Regards,
ismail
--
Le mieux est l'ennemi du bien.
--- util-linux-2.12r/mount/fstab.c.cve-2007-0822 2007-02-25 11:10:35.000000000 -0500
+++ util-linux-2.12r/mount/fstab.c 2007-02-25 11:13:16.000000000 -0500
@@ -289,9 +289,14 @@ has_label(const char *device, const char
int ret;
devlabel = mount_get_volume_label_by_spec(device);
- ret = !strcmp(label, devlabel);
- /* free(devlabel); */
- return ret;
+ /* blows up with a label and not root CVE-2007-0822 */
+ if (devlabel != NULL) {
+ ret = !strcmp(label, devlabel);
+ /* free(devlabel); */
+ return ret;
+ } else {
+ return 1;
+ }
}
static int
