[oe-commits] [openembedded-core] 05/17: glibc: Security fix CVE-2017-15671
git at git.openembedded.org
git at git.openembedded.org
Mon Jan 22 23:28:35 UTC 2018
This is an automated email from the git hooks/post-receive script.
rpurdie pushed a commit to branch master-next
in repository openembedded-core.
commit 9e411843b26d296ba2b048b581d31bd0221e25e6
Author: Armin Kuster <akuster808 at gmail.com>
AuthorDate: Sun Jan 21 09:59:54 2018 -0800
glibc: Security fix CVE-2017-15671
affects glibc < 2.27
only glibc in current master hash: 77f921dac17c5fa99bd9e926d926c327982895f7
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
Signed-off-by: Ross Burton <ross.burton at intel.com>
---
meta/recipes-core/glibc/glibc/CVE-2017-15671.patch | 65 ++++++++++++++++++++++
meta/recipes-core/glibc/glibc_2.26.bb | 1 +
2 files changed, 66 insertions(+)
diff --git a/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch b/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch
new file mode 100644
index 0000000..9a08784
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch
@@ -0,0 +1,65 @@
+From f1cf98b583787cfb6278baea46e286a0ee7567fd Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert at cs.ucla.edu>
+Date: Sun, 22 Oct 2017 10:00:57 +0200
+Subject: [PATCH] glob: Fix buffer overflow during GLOB_TILDE unescaping [BZ
+ #22332]
+
+(cherry picked from commit a159b53fa059947cc2548e3b0d5bdcf7b9630ba8)
+
+Upstream-Status: Backport
+CVE: CVE-2017-15671
+Signed-off-by: Armin Kuster <akuster at mvista.com>
+
+---
+ ChangeLog | 6 ++++++
+ NEWS | 4 ++++
+ posix/glob.c | 4 ++--
+ 3 files changed, 12 insertions(+), 2 deletions(-)
+
+Index: git/NEWS
+===================================================================
+--- git.orig/NEWS
++++ git/NEWS
+@@ -20,6 +20,10 @@ Security related changes:
+ on the stack or the heap, depending on the length of the user name).
+ Reported by Tim Rühsen.
+
++ The glob function, when invoked with GLOB_TILDE and without
++ GLOB_NOESCAPE, could write past the end of a buffer while
++ unescaping user names. Reported by Tim Rühsen.
++
+ The following bugs are resolved with this release:
+
+ [16750] ldd: Never run file directly.
+Index: git/posix/glob.c
+===================================================================
+--- git.orig/posix/glob.c
++++ git/posix/glob.c
+@@ -850,11 +850,11 @@ glob (const char *pattern, int flags, in
+ char *p = mempcpy (newp, dirname + 1,
+ unescape - dirname - 1);
+ char *q = unescape;
+- while (*q != '\0')
++ while (q != end_name)
+ {
+ if (*q == '\\')
+ {
+- if (q[1] == '\0')
++ if (q + 1 == end_name)
+ {
+ /* "~fo\\o\\" unescape to user_name "foo\\",
+ but "~fo\\o\\/" unescape to user_name
+Index: git/ChangeLog
+===================================================================
+--- git.orig/ChangeLog
++++ git/ChangeLog
+@@ -1,3 +1,9 @@
++2017-10-22 Paul Eggert <eggert at cs.ucla.edu>
++
++ [BZ #22332]
++ * posix/glob.c (__glob): Fix buffer overflow during GLOB_TILDE
++ unescaping.
++
+ 2017-10-13 James Clarke <jrtc27 at jrtc27.com>
+
+ * sysdeps/powerpc/powerpc32/dl-machine.h (elf_machine_rela):
diff --git a/meta/recipes-core/glibc/glibc_2.26.bb b/meta/recipes-core/glibc/glibc_2.26.bb
index 04d9773..0ba29e4 100644
--- a/meta/recipes-core/glibc/glibc_2.26.bb
+++ b/meta/recipes-core/glibc/glibc_2.26.bb
@@ -43,6 +43,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0027-glibc-reset-dl-load-write-lock-after-forking.patch \
file://0028-Bug-4578-add-ld.so-lock-while-fork.patch \
file://0029-malloc-add-missing-arena-lock-in-malloc-info.patch \
+ file://CVE-2017-15671.patch \
"
NATIVESDKFIXES ?= ""
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list