diff options
author | Armin Kuster <akuster808@gmail.com> | 2018-01-21 09:59:54 -0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-01-22 23:25:47 +0000 |
commit | 9e411843b26d296ba2b048b581d31bd0221e25e6 (patch) | |
tree | 3a7109fa1daddf2f72b8f20333da2f4be6c20118 /meta/recipes-core | |
parent | ce6337ab4b415ee18360dfe4443a71ab75a60254 (diff) | |
download | openembedded-core-contrib-9e411843b26d296ba2b048b581d31bd0221e25e6.tar.gz |
glibc: Security fix CVE-2017-15671
affects glibc < 2.27
only glibc in current master hash: 77f921dac17c5fa99bd9e926d926c327982895f7
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Diffstat (limited to 'meta/recipes-core')
-rw-r--r-- | meta/recipes-core/glibc/glibc/CVE-2017-15671.patch | 65 | ||||
-rw-r--r-- | meta/recipes-core/glibc/glibc_2.26.bb | 1 |
2 files changed, 66 insertions, 0 deletions
diff --git a/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch b/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch new file mode 100644 index 00000000000..9a087841068 --- /dev/null +++ b/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch @@ -0,0 +1,65 @@ +From f1cf98b583787cfb6278baea46e286a0ee7567fd Mon Sep 17 00:00:00 2001 +From: Paul Eggert <eggert@cs.ucla.edu> +Date: Sun, 22 Oct 2017 10:00:57 +0200 +Subject: [PATCH] glob: Fix buffer overflow during GLOB_TILDE unescaping [BZ + #22332] + +(cherry picked from commit a159b53fa059947cc2548e3b0d5bdcf7b9630ba8) + +Upstream-Status: Backport +CVE: CVE-2017-15671 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + ChangeLog | 6 ++++++ + NEWS | 4 ++++ + posix/glob.c | 4 ++-- + 3 files changed, 12 insertions(+), 2 deletions(-) + +Index: git/NEWS +=================================================================== +--- git.orig/NEWS ++++ git/NEWS +@@ -20,6 +20,10 @@ Security related changes: + on the stack or the heap, depending on the length of the user name). + Reported by Tim Rühsen. + ++ The glob function, when invoked with GLOB_TILDE and without ++ GLOB_NOESCAPE, could write past the end of a buffer while ++ unescaping user names. Reported by Tim Rühsen. ++ + The following bugs are resolved with this release: + + [16750] ldd: Never run file directly. +Index: git/posix/glob.c +=================================================================== +--- git.orig/posix/glob.c ++++ git/posix/glob.c +@@ -850,11 +850,11 @@ glob (const char *pattern, int flags, in + char *p = mempcpy (newp, dirname + 1, + unescape - dirname - 1); + char *q = unescape; +- while (*q != '\0') ++ while (q != end_name) + { + if (*q == '\\') + { +- if (q[1] == '\0') ++ if (q + 1 == end_name) + { + /* "~fo\\o\\" unescape to user_name "foo\\", + but "~fo\\o\\/" unescape to user_name +Index: git/ChangeLog +=================================================================== +--- git.orig/ChangeLog ++++ git/ChangeLog +@@ -1,3 +1,9 @@ ++2017-10-22 Paul Eggert <eggert@cs.ucla.edu> ++ ++ [BZ #22332] ++ * posix/glob.c (__glob): Fix buffer overflow during GLOB_TILDE ++ unescaping. ++ + 2017-10-13 James Clarke <jrtc27@jrtc27.com> + + * sysdeps/powerpc/powerpc32/dl-machine.h (elf_machine_rela): diff --git a/meta/recipes-core/glibc/glibc_2.26.bb b/meta/recipes-core/glibc/glibc_2.26.bb index 04d97734b3a..0ba29e45252 100644 --- a/meta/recipes-core/glibc/glibc_2.26.bb +++ b/meta/recipes-core/glibc/glibc_2.26.bb @@ -43,6 +43,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ file://0027-glibc-reset-dl-load-write-lock-after-forking.patch \ file://0028-Bug-4578-add-ld.so-lock-while-fork.patch \ file://0029-malloc-add-missing-arena-lock-in-malloc-info.patch \ + file://CVE-2017-15671.patch \ " NATIVESDKFIXES ?= "" |