mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-07 16:59:22 +00:00
Code Issues Projects Releases Wiki Activity

glibc: Security fix CVE-2017-15671

Browse Source 
affects glibc < 2.27
only glibc in current master hash: 77f921dac17c5fa99bd9e926d926c327982895f7

(From OE-Core rev: 9e411843b26d296ba2b048b581d31bd0221e25e6)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Armin Kuster
2018-01-21 09:59:54 -08:00
committed by Richard Purdie
parent 1aa417df60
commit 042e562a77
2 changed files with 66 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-core/glibc/glibc/CVE-2017-15671.patch
+65
View File
@@ -0,0 +1,65 @@
From f1cf98b583787cfb6278baea46e286a0ee7567fd Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Sun, 22 Oct 2017 10:00:57 +0200
Subject: [PATCH] glob: Fix buffer overflow during GLOB_TILDE unescaping [BZ
#22332]
(cherry picked from commit a159b53fa059947cc2548e3b0d5bdcf7b9630ba8)
Upstream-Status: Backport
CVE: CVE-2017-15671
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
ChangeLog | 6 ++++++
NEWS | 4 ++++
posix/glob.c | 4 ++--
3 files changed, 12 insertions(+), 2 deletions(-)
Index: git/NEWS
===================================================================
--- git.orig/NEWS
+++ git/NEWS
@@ -20,6 +20,10 @@ Security related changes:
on the stack or the heap, depending on the length of the user name).
Reported by Tim Rühsen.
+ The glob function, when invoked with GLOB_TILDE and without
+ GLOB_NOESCAPE, could write past the end of a buffer while
+ unescaping user names. Reported by Tim Rühsen.
+
The following bugs are resolved with this release:
[16750] ldd: Never run file directly.
Index: git/posix/glob.c
===================================================================
--- git.orig/posix/glob.c
+++ git/posix/glob.c
@@ -850,11 +850,11 @@ glob (const char *pattern, int flags, in
char *p = mempcpy (newp, dirname + 1,
unescape - dirname - 1);
char *q = unescape;
- while (*q != '\0')
+ while (q != end_name)
{
if (*q == '\\')
{
- if (q[1] == '\0')
+ if (q + 1 == end_name)
{
/* "~fo\\o\\" unescape to user_name "foo\\",
but "~fo\\o\\/" unescape to user_name
Index: git/ChangeLog
===================================================================
--- git.orig/ChangeLog
+++ git/ChangeLog
@@ -1,3 +1,9 @@
+2017-10-22 Paul Eggert <eggert@cs.ucla.edu>
+
+ [BZ #22332]
+ * posix/glob.c (__glob): Fix buffer overflow during GLOB_TILDE
+ unescaping.
+
2017-10-13 James Clarke <jrtc27@jrtc27.com>
* sysdeps/powerpc/powerpc32/dl-machine.h (elf_machine_rela):
meta/recipes-core/glibc/glibc_2.26.bb
+1
View File
@@ -43,6 +43,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0027-glibc-reset-dl-load-write-lock-after-forking.patch \
file://0028-Bug-4578-add-ld.so-lock-while-fork.patch \
file://0029-malloc-add-missing-arena-lock-in-malloc-info.patch \
file://CVE-2017-15671.patch \
"
NATIVESDKFIXES ?= ""