From bbbcbd579023e5d59e15995dccfacd40b7a07322 Mon Sep 17 00:00:00 2001
From: Michal Hlavinka
Date: Jul 19 2011 14:27:03 +0000
Subject: do not use memcpy for overlaping areas fix broken pam module resulting in session with wrong gid
---
diff --git a/ecryptfs-utils-87-fixgid.patch b/ecryptfs-utils-87-fixgid.patch
new file mode 100644
index 0000000..5b8e39e
--- /dev/null
+++ b/ecryptfs-utils-87-fixgid.patch
@@ -0,0 +1,58 @@
+diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.fixgid ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c
+--- ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.fixgid 2011-07-19 15:58:45.337539138 +0200
++++ ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c 2011-07-19 16:02:09.542029724 +0200
+@@ -217,7 +217,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+ }
+ out_child:
+ free(auth_tok_sig);
+- exit(0);
++ _exit(0);
+ }
+ tmp_pid = waitpid(child_pid, NULL, 0);
+ if (tmp_pid == -1)
+@@ -309,7 +309,7 @@ static int private_dir(pam_handle_t *pam
+ pwd->pw_dir) < 0) || recorded == NULL) {
+ syslog(LOG_ERR,
+ "Error allocating memory for recorded name");
+- return 1;
++ _exit(255);
+ }
+ if (stat(recorded, &s) != 0 && stat("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", &s) == 0) {
+ /* User has not recorded their passphrase */
+@@ -322,23 +322,25 @@ static int private_dir(pam_handle_t *pam
+ /* User does not want to auto-mount */
+ syslog(LOG_INFO,
+ "Skipping automatic eCryptfs mount");
+- return 0;
++ _exit(0);
+ }
+ /* run mount.ecryptfs_private as the user */
+ setresuid(pwd->pw_uid, pwd->pw_uid, pwd->pw_uid);
+ execl("/sbin/mount.ecryptfs_private",
+ "mount.ecryptfs_private", NULL);
++ _exit(255);
+ } else {
+ if (stat(autofile, &s) != 0) {
+ /* User does not want to auto-unmount */
+ syslog(LOG_INFO,
+ "Skipping automatic eCryptfs unmount");
+- return 0;
++ _exit(0);
+ }
+ /* run umount.ecryptfs_private as the user */
+ setresuid(pwd->pw_uid, pwd->pw_uid, pwd->pw_uid);
+ execl("/sbin/umount.ecryptfs_private",
+ "umount.ecryptfs_private", NULL);
++ _exit(255);
+ }
+ return 1;
+ } else {
+@@ -482,7 +484,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
+ goto out_child;
+ }
+ out_child:
+- exit(0);
++ _exit(0);
+ }
+ if ((tmp_pid = waitpid(child_pid, NULL, 0)) == -1)
+ syslog(LOG_WARNING,
diff --git a/ecryptfs-utils-87-memcpyfix.patch b/ecryptfs-utils-87-memcpyfix.patch
new file mode 100644
index 0000000..3e7a5cd
--- /dev/null
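Review bot: The return value of `setresuid()` is still ignored in both child branches of private_dir, so if the call fails the following `execl()` starts the mount or umount helper with whatever privileges the PAM module was running under (presumably root) instead of the user's. Since this patch already makes every child path terminate explicitly, the same treatment fits here: `if (setresuid(pwd->pw_uid, pwd->pw_uid, pwd->pw_uid) < 0) _exit(255);` before each `execl()`. The new `_exit(255)` after a failed `execl()` is silent; a `syslog(LOG_ERR, ...)` carrying `errno` just before it would make a missing or non-executable helper visible in the logs. private_dir starts and ends outside these hunks, so whether group IDs are dropped elsewhere in the child cannot be seen from here.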
+++ b/ecryptfs-utils-87-memcpyfix.patch
@@ -0,0 +1,21 @@
+diff -up ecryptfs-utils-87/src/utils/mount.ecryptfs.c.memcpyfix ecryptfs-utils-87/src/utils/mount.ecryptfs.c
+--- ecryptfs-utils-87/src/utils/mount.ecryptfs.c.memcpyfix 2011-07-11 15:04:00.742821125 +0200
++++ ecryptfs-utils-87/src/utils/mount.ecryptfs.c 2011-07-11 15:04:15.590926517 +0200
+@@ -189,7 +189,7 @@ static int ecryptfs_generate_mount_flags
+ *end = '\0';
+ break;
+ }
+- memcpy(opt, next_opt, end - next_opt);
++ memmove(opt, next_opt, end - next_opt);
+ end = end - (next_opt - opt);
+ *end = '\0';
+ }
+@@ -416,7 +416,7 @@ static int opts_str_contains_option(char
+ *end = '\0';
+ break;
+ }
+- memcpy(opt, next_opt, end - next_opt);
++ memmove(opt, next_opt, end - next_opt);
+ end = end - (next_opt - opt);
+ *end = '\0';
+ }
diff --git a/ecryptfs-utils.spec b/ecryptfs-utils.spec
index 8351d72..2ef3d5e 100644
--- a/ecryptfs-utils.spec
+++ b/ecryptfs-utils.spec
@@ -5,7 +5,7 @@ Name: ecryptfs-utils Version: 87 -Release: 5%{?dist} +Release: 6%{?dist} Summary: The eCryptfs mount helper and support libraries Group: System Environment/Base License: GPLv2+
@@ -41,9 +41,15 @@ Patch10: ecryptfs-utils-87-mtab.patch # fedora/rhel specific, check for pam ecryptfs module before home migration Patch11: ecryptfs-utils-87-authconfig.patch +# memcpy can't be used on overlaping areas +Patch12: ecryptfs-utils-87-memcpyfix.patch + # allow building with -Werror Patch999: ecryptfs-utils-75-werror.patch +# rhbz#722445 +Patch13: ecryptfs-utils-87-fixgid.patch + BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) Requires: keyutils, cryptsetup-luks, util-linux-ng, gettext BuildRequires: libgcrypt-devel keyutils-libs-devel openssl-devel pam-devel
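Review bot: The in-place option removal is duplicated verbatim in ecryptfs_generate_mount_flags and opts_str_contains_option, which is why this fix had to be made twice; a small static helper holding the `memmove` / `end` adjustment / terminator lines would keep the two copies from diverging again. A comment at the call such as `/* source and destination overlap: the tail is shifted left within the same buffer */` would stop a later cleanup from turning it back into memcpy. Both loops start and end outside the hunks, so whether `next_opt` can ever pass `end` (which would make `end - next_opt` wrap when converted to `size_t`) cannot be checked from here.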
@@ -90,7 +96,9 @@ the interface supplied by the ecryptfs-utils library. %patch9 -p1 -b .autoload %patch10 -p1 -b .mtabfix %patch11 -p1 -b .authconfig +%patch12 -p1 -b .memcpyfix %patch999 -p1 -b .werror +%patch13 -p1 -b .fixgid %build export CFLAGS="$RPM_OPT_FLAGS -Werror -Wtype-limits" @@ -218,6 +226,10 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/ecryptfs-utils/_libecryptfs.so %changelog +* Tue Jul 19 2011 Michal Hlavinka - 87-6 +- do not use memcpy for overlaping areas +- fix broken pam module resulting in session with wrong gid + * Mon Jul 11 2011 Michal Hlavinka - 87-5 - fix mtab handling everywhere