mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-01 00:59:48 +00:00
Code Issues Projects Releases Wiki Activity

glibc: Security fix CVE-2017-15671

Browse Source 
affects glibc < 2.27
only glibc in current master hash: 77f921dac17c5fa99bd9e926d926c327982895f7

(From OE-Core rev: b12c8f02bbd637ef05ad1518494d666c55eaf544)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Armin Kuster
2018-01-20 15:56:58 -08:00
committed by Richard Purdie
parent 1c27271cdd
commit 0aaf7b828d
2 changed files with 67 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-core/glibc/glibc/CVE-2017-15671.patch
+66
View File
@@ -0,0 +1,66 @@
From f1cf98b583787cfb6278baea46e286a0ee7567fd Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Sun, 22 Oct 2017 10:00:57 +0200
Subject: [PATCH] glob: Fix buffer overflow during GLOB_TILDE unescaping [BZ
#22332]
(cherry picked from commit a159b53fa059947cc2548e3b0d5bdcf7b9630ba8)
Upstream-Status: Backport
CVE: CVE-2017-15671
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
ChangeLog | 6 ++++++
NEWS | 4 ++++
posix/glob.c | 4 ++--
3 files changed, 12 insertions(+), 2 deletions(-)
Index: git/NEWS
===================================================================
--- git.orig/NEWS
+++ git/NEWS
@@ -211,6 +211,10 @@ Security related changes:
on the stack or the heap, depending on the length of the user name).
Reported by Tim Rühsen.
+ The glob function, when invoked with GLOB_TILDE and without
+ GLOB_NOESCAPE, could write past the end of a buffer while
+ unescaping user names. Reported by Tim Rühsen.
+
The following bugs are resolved with this release:
[984] network: Respond to changed resolv.conf in gethostbyname
Index: git/posix/glob.c
===================================================================
--- git.orig/posix/glob.c
+++ git/posix/glob.c
@@ -823,11 +823,11 @@ glob (const char *pattern, int flags, in
char *p = mempcpy (newp, dirname + 1,
unescape - dirname - 1);
char *q = unescape;
- while (*q != '\0')
+ while (q != end_name)
{
if (*q == '\\')
{
- if (q[1] == '\0')
+ if (q + 1 == end_name)
{
/* "~fo\\o\\" unescape to user_name "foo\\",
but "~fo\\o\\/" unescape to user_name
Index: git/ChangeLog
===================================================================
--- git.orig/ChangeLog
+++ git/ChangeLog
@@ -1,5 +1,10 @@
+
2017-10-20 Paul Eggert <eggert@cs.ucla.edu>
+ [BZ #22332]
+ * posix/glob.c (__glob): Fix buffer overflow during GLOB_TILDE
+ unescaping.
+
[BZ #22320]
CVE-2017-15670
* posix/glob.c (__glob): Fix one-byte overflow.
meta/recipes-core/glibc/glibc_2.26.bb
+1
View File
@@ -44,6 +44,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0027-glibc-reset-dl-load-write-lock-after-forking.patch \ file://0027-glibc-reset-dl-load-write-lock-after-forking.patch \
file://0028-Bug-4578-add-ld.so-lock-while-fork.patch \ file://0028-Bug-4578-add-ld.so-lock-while-fork.patch \
file://CVE-2017-15670.patch \ file://CVE-2017-15670.patch \
file://CVE-2017-15671.patch \
" "
NATIVESDKFIXES ?= "" NATIVESDKFIXES ?= ""