search

AppImage / type2-runtime

The runtime is the executable part of every AppImage. It mounts the payload via FUSE and executes the entrypoint.
Other
17 stars 13 forks source link

Buffer overflow in libfuse patch #35

Open Bqleine opened 2 months ago

Bqleine commented 2 months ago

// For i = 4...99, check if there is a binary called "fusermount" + i // It is not yet known whether this will work for our purposes, but it is better than not even attempting for (int i = 4; i < 100; i++) { prog = findBinaryInFusermountDir("fusermount" + i); if (access(prog, X_OK) == 0) return prog; }

This adds to the string's pointer, it does not make a string concatenation at all. e.g it will lead to the following tries:

probonopd commented 2 months ago

Actually... won't

https://github.com/AppImage/type2-runtime/pull/32/files

fix this once it finally gets reviewed and merged?

Bqleine commented 2 months ago

The issue also got copied into these repositories: https://github.com/feather-wallet/feather/blob/c0a5a549f4f78b6e65efd12d4813aa2149afa7f9/contrib/depends/patches/libfuse/mount.c.diff#L4 https://github.com/probonopd/static-tools/blob/f0f6e679a001c4ad0e393f829a2396bf41f59cfe/patches/libfuse/mount.c.diff#L4