[oe-commits] [openembedded-core] 02/07: glibc: Security fix CVE-2017-15671
git at git.openembedded.org
git at git.openembedded.org
Thu Jan 25 11:36:47 UTC 2018
This is an automated email from the git hooks/post-receive script.
rpurdie pushed a commit to branch rocko
in repository openembedded-core.
commit b12c8f02bbd637ef05ad1518494d666c55eaf544
Author: Armin Kuster <akuster808 at gmail.com>
AuthorDate: Sat Jan 20 15:56:58 2018 -0800
glibc: Security fix CVE-2017-15671
affects glibc < 2.27
only glibc in current master hash: 77f921dac17c5fa99bd9e926d926c327982895f7
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
meta/recipes-core/glibc/glibc/CVE-2017-15671.patch | 66 ++++++++++++++++++++++
meta/recipes-core/glibc/glibc_2.26.bb | 1 +
2 files changed, 67 insertions(+)
diff --git a/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch b/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch
new file mode 100644
index 0000000..3569282
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch
@@ -0,0 +1,66 @@
+From f1cf98b583787cfb6278baea46e286a0ee7567fd Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert at cs.ucla.edu>
+Date: Sun, 22 Oct 2017 10:00:57 +0200
+Subject: [PATCH] glob: Fix buffer overflow during GLOB_TILDE unescaping [BZ
+ #22332]
+
+(cherry picked from commit a159b53fa059947cc2548e3b0d5bdcf7b9630ba8)
+
+Upstream-Status: Backport
+CVE: CVE-2017-15671
+Signed-off-by: Armin Kuster <akuster at mvista.com>
+
+---
+ ChangeLog | 6 ++++++
+ NEWS | 4 ++++
+ posix/glob.c | 4 ++--
+ 3 files changed, 12 insertions(+), 2 deletions(-)
+
+Index: git/NEWS
+===================================================================
+--- git.orig/NEWS
++++ git/NEWS
+@@ -211,6 +211,10 @@ Security related changes:
+ on the stack or the heap, depending on the length of the user name).
+ Reported by Tim Rühsen.
+
++ The glob function, when invoked with GLOB_TILDE and without
++ GLOB_NOESCAPE, could write past the end of a buffer while
++ unescaping user names. Reported by Tim Rühsen.
++
+ The following bugs are resolved with this release:
+
+ [984] network: Respond to changed resolv.conf in gethostbyname
+Index: git/posix/glob.c
+===================================================================
+--- git.orig/posix/glob.c
++++ git/posix/glob.c
+@@ -823,11 +823,11 @@ glob (const char *pattern, int flags, in
+ char *p = mempcpy (newp, dirname + 1,
+ unescape - dirname - 1);
+ char *q = unescape;
+- while (*q != '\0')
++ while (q != end_name)
+ {
+ if (*q == '\\')
+ {
+- if (q[1] == '\0')
++ if (q + 1 == end_name)
+ {
+ /* "~fo\\o\\" unescape to user_name "foo\\",
+ but "~fo\\o\\/" unescape to user_name
+Index: git/ChangeLog
+===================================================================
+--- git.orig/ChangeLog
++++ git/ChangeLog
+@@ -1,5 +1,10 @@
++
+ 2017-10-20 Paul Eggert <eggert at cs.ucla.edu>
+
++ [BZ #22332]
++ * posix/glob.c (__glob): Fix buffer overflow during GLOB_TILDE
++ unescaping.
++
+ [BZ #22320]
+ CVE-2017-15670
+ * posix/glob.c (__glob): Fix one-byte overflow.
diff --git a/meta/recipes-core/glibc/glibc_2.26.bb b/meta/recipes-core/glibc/glibc_2.26.bb
index ed4ea4f..e4ba28f 100644
--- a/meta/recipes-core/glibc/glibc_2.26.bb
+++ b/meta/recipes-core/glibc/glibc_2.26.bb
@@ -44,6 +44,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0027-glibc-reset-dl-load-write-lock-after-forking.patch \
file://0028-Bug-4578-add-ld.so-lock-while-fork.patch \
file://CVE-2017-15670.patch \
+ file://CVE-2017-15671.patch \
"
NATIVESDKFIXES ?= ""
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list