From 25c1bd0cbd212bf3d73858b218699cb611dcffe2 Mon Sep 17 00:00:00 2001
From: Mario Fetka <mario.fetka@gmail.com>
Date: Tue, 28 Apr 2026 20:56:04 +0200
Subject: [PATCH] Apply patch: ncpfs-2.2.6-CVE-2011-1679+1680.diff

---
 .../ncpfs-2.2.6-CVE-2011-1679+1680.diff       | 54 +++++++++++++++++++
 sutil/ncpm_common.c                           | 12 +++++
 sutil/ncpumount.c                             |  7 ++-
 3 files changed, 72 insertions(+), 1 deletion(-)
 create mode 100644 .patches/ncpfs-2.2.6-r6/ncpfs-2.2.6-CVE-2011-1679+1680.diff

diff --git a/.patches/ncpfs-2.2.6-r6/ncpfs-2.2.6-CVE-2011-1679+1680.diff b/.patches/ncpfs-2.2.6-r6/ncpfs-2.2.6-CVE-2011-1679+1680.diff
new file mode 100644
index 0000000..e080e07
--- /dev/null
+++ b/.patches/ncpfs-2.2.6-r6/ncpfs-2.2.6-CVE-2011-1679+1680.diff
@@ -0,0 +1,54 @@
+diff -Naur ncpfs-2.2.6.orig/sutil/ncpumount.c ncpfs-2.2.6/sutil/ncpumount.c
+--- ncpfs-2.2.6.orig/sutil/ncpm_common.c	2012-08-31 11:12:54.372652698 +0400
++++ ncpfs-2.2.6/sutil/ncpm_common.c	2012-08-31 11:13:12.235236366 +0400
+@@ -1446,6 +1446,7 @@
+ 	struct mntent ment;
+ 	int fd;
+ 	FILE* mtab;
++	off_t	goodoffset;
+ 
+ 	if (check_name(mount_name) == -1 || check_name(mpnt) == -1)
+ 		errexit(107, _("Illegal character in mount entry\n"));
+@@ -1480,14 +1481,25 @@
+ 
+ 	if ((mtab = setmntent(MOUNTED, "a+")) == NULL)
+ 	{
++		unlink(MOUNTED "~");
+ 		errexit(59, _("Can't open %s\n"), MOUNTED);
+ 	}
++	fseek (mtab, 0, SEEK_END);
++	goodoffset = ftell(mtab);
+ 	if (addmntent(mtab, &ment) == 1)
+ 	{
++		/* restore good state */
++		ftruncate(fileno(mtab), goodoffset);
++		endmntent(mtab);
++		unlink(MOUNTED "~");
+ 		errexit(60, _("Can't write mount entry\n"));
+ 	}
+ 	if (fchmod(fileno(mtab), 0644) == -1)
+ 	{
++		/* restore good state */
++		ftruncate(fileno(mtab), goodoffset);
++		endmntent(mtab);
++		unlink(MOUNTED "~");
+ 		errexit(61, _("Can't set perms on %s\n"), MOUNTED);
+ 	}
+ 	endmntent(mtab);
+diff -Naur ncpfs-2.2.6.orig/sutil/ncpumount.c ncpfs-2.2.6/sutil/ncpumount.c
+--- ncpfs-2.2.6.orig/sutil/ncpumount.c	2012-08-31 11:12:54.372652698 +0400
++++ ncpfs-2.2.6/sutil/ncpumount.c	2012-08-31 11:13:12.235236366 +0400
+@@ -163,7 +163,12 @@
+ 			i++;
+ 		}
+ 		if (!found) {
+-			addmntent(new_mtab, mnt);
++			if (addmntent(new_mtab, mnt)) {
++				eprintf(_("Can't addmntent to %s: %s\n"), MOUNTED_TMP,
++					strerror(errno));
++				endmntent(mtab);
++				return 1;
++			}
+ 		}
+ 	}
+ 
diff --git a/sutil/ncpm_common.c b/sutil/ncpm_common.c
index 057905d..42d9cd1 100644
--- a/sutil/ncpm_common.c
+++ b/sutil/ncpm_common.c
@@ -1446,6 +1446,7 @@ void add_mnt_entry(char* mount_name, char* mpnt, unsigned long flags) {
 	struct mntent ment;
 	int fd;
 	FILE* mtab;
+	off_t	goodoffset;
 
 	if (check_name(mount_name) == -1 || check_name(mpnt) == -1)
 		errexit(107, _("Illegal character in mount entry\n"));
@@ -1480,14 +1481,25 @@ void add_mnt_entry(char* mount_name, char* mpnt, unsigned long flags) {
 
 	if ((mtab = setmntent(MOUNTED, "a+")) == NULL)
 	{
+		unlink(MOUNTED "~");
 		errexit(59, _("Can't open %s\n"), MOUNTED);
 	}
+	fseek (mtab, 0, SEEK_END);
+	goodoffset = ftell(mtab);
 	if (addmntent(mtab, &ment) == 1)
 	{
+		/* restore good state */
+		ftruncate(fileno(mtab), goodoffset);
+		endmntent(mtab);
+		unlink(MOUNTED "~");
 		errexit(60, _("Can't write mount entry\n"));
 	}
 	if (fchmod(fileno(mtab), 0644) == -1)
 	{
+		/* restore good state */
+		ftruncate(fileno(mtab), goodoffset);
+		endmntent(mtab);
+		unlink(MOUNTED "~");
 		errexit(61, _("Can't set perms on %s\n"), MOUNTED);
 	}
 	endmntent(mtab);
diff --git a/sutil/ncpumount.c b/sutil/ncpumount.c
index 297382d..f4f13d7 100644
--- a/sutil/ncpumount.c
+++ b/sutil/ncpumount.c
@@ -210,7 +210,12 @@ static int __clearMtab (const char* mount_points[], unsigned int numEntries) {
 			i++;
 		}
 		if (!found) {
-			addmntent(new_mtab, mnt);
+			if (addmntent(new_mtab, mnt)) {
+				eprintf(_("Can't addmntent to %s: %s\n"), MOUNTED_TMP,
+					strerror(errno));
+				endmntent(mtab);
+				return 1;
+			}
 		}
 	}