Package: cryptmount
Severity: normal
Tags: patch
X-Debbugs-Cc: [email protected]
There is a risk of cryptmount crashing with a SEGV error due to
incorrect memory initialization within the command-line parser
and its use of getopt_long(). This was originally flagged via
https://github.com/rwpenney/cryptmount/issues/1
The upstream GitHub repository already contains a fix for this issue,
and a patch is attached which contains the same fix.
-- System Information:
Debian Release: 12.0
APT prefers stable-security
APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
diff --git a/cryptmount.c b/cryptmount.c
--- a/cryptmount.c
+++ b/cryptmount.c
@@ -1372,7 +1372,7 @@ cmmode_t parse_options(int argc, char *argv[],
#ifdef _GNU_SOURCE
struct option *longopts;
- longopts = (struct option*)malloc((n_options + 1) * sizeof(struct option));
+ longopts = (struct option*)calloc(n_options + 1, sizeof(struct option));
for (i=0; i<n_options; ++i) {
longopts[i].name = opt_table[i].longopt;
longopts[i].has_arg = ((opt_table[i].flags & NEEDS_ARG)
