From 464dafff94dfaf962f6301fd91ef56c90e4e7d67 Mon Sep 17 00:00:00 2001
From: Petr Písař <ppisar@redhat.com>
Date: Jul 04 2017 13:31:40 +0000
Subject: Fix an undefined behavior on parsing yes-no answer


---

diff --git a/quota-4.03-quotacheck-fix-ask_yn-UB-when-fgets-returns-NULL.patch b/quota-4.03-quotacheck-fix-ask_yn-UB-when-fgets-returns-NULL.patch
new file mode 100644
index 0000000..521dcd4
--- /dev/null
+++ b/quota-4.03-quotacheck-fix-ask_yn-UB-when-fgets-returns-NULL.patch
@@ -0,0 +1,43 @@
+From f1a97618031701ee9561e95ace4c7a52fd5dbd79 Mon Sep 17 00:00:00 2001
+From: "Dmitry V. Levin" <ldv@altlinux.org>
+Date: Thu, 18 May 2017 12:28:26 +0300
+Subject: [PATCH] quotacheck: fix ask_yn UB when fgets returns NULL
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Do not use a random value from the stack as an answer when fgets
+returns NULL, return the default value in the latter case.
+
+Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
+Signed-off-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ quotacheck.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/quotacheck.c b/quotacheck.c
+index 1675de8..689ceb9 100644
+--- a/quotacheck.c
++++ b/quotacheck.c
+@@ -600,8 +600,7 @@ int ask_yn(char *q, int def)
+ 
+ 	printf("%s [%c]: ", q, def ? 'y' : 'n');
+ 	fflush(stdout);
+-	while (1) {
+-		fgets(a, sizeof(a)-1, stdin);
++	while (fgets(a, sizeof(a)-1, stdin)) {
+ 		if (a[0] == '\n')
+ 			return def;
+ 		if (!strcasecmp(a, "y\n"))
+@@ -611,6 +610,7 @@ int ask_yn(char *q, int def)
+ 		printf("Illegal answer. Please answer y/n: ");
+ 		fflush(stdout);
+ 	}
++	return def;
+ }
+ 
+ /* Do checks and buffer quota file into memory */
+-- 
+2.9.4
+
diff --git a/quota.spec b/quota.spec
index e306b46..3a2e9a5 100644
--- a/quota.spec
+++ b/quota.spec
@@ -66,6 +66,8 @@ Patch11:    quota-4.03-Do-not-install-quota_nld.8-when-quota_nld-is-not-ins.patc
 # Fix a race between checking for and opening a directory to be scanned,
 # in upstream after 4.03
 Patch12:    quota-4.03-quotacheck-change-to-the-directory-before-opening-it.patch
+# Fix an undefined behavior on parsing yes-no answer, in upstream after 4.03
+Patch13:    quota-4.03-quotacheck-fix-ask_yn-UB-when-fgets-returns-NULL.patch
 BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: bash
@@ -186,6 +188,7 @@ Linux/UNIX environment.
 %patch10 -p1
 %patch11 -p1
 %patch12 -p1
+%patch13 -p1
 # Unpack forgotten LDAP scripts
 tar -xzkf %{SOURCE5}
 # Regenerate build scripts, also because of Respect-enviroment-CFLAGS.patch
@@ -304,6 +307,7 @@ make check
 * Tue Jul 04 2017 Petr Pisar <ppisar@redhat.com> - 1:4.03-9
 - Fix disabling features at build time
 - Fix a race between checking for and opening a directory to be scanned
+- Fix an undefined behavior on parsing yes-no answer
 
 * Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:4.03-8
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild