glibc/glibc-2.24-CVE-2017-15670.patch

From a76376df7c07e577a9515c3faa5dbd50bda5da07 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Fri, 20 Oct 2017 18:41:14 +0200
Subject: [PATCH] CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]

(cherry picked from commit c369d66e5426a30e4725b100d5cd28e372754f90)

Upstream-Status: Backport
CVE: CVE-2017-15670
Affects: glibc < 2.27
signed-off-by: Armin Kuster <akuster@mvista.com>

---
 ChangeLog    | 6 ++++++
 NEWS         | 5 +++++
 posix/glob.c | 2 +-
 3 files changed, 12 insertions(+), 1 deletion(-)

Index: git/posix/glob.c
===================================================================
--- git.orig/posix/glob.c
+++ git/posix/glob.c
@@ -843,7 +843,7 @@ glob (const char *pattern, int flags, in
 		  *p = '\0';
 		}
 	      else
-		*((char *) mempcpy (newp, dirname + 1, end_name - dirname))
+		*((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1))
 		  = '\0';
 	      user_name = newp;
 	    }
Backport upstream patches to fix CVE-2017-15670 and CVE-2017-15804 2018-11-11 02:24:02 +10:00			`From a76376df7c07e577a9515c3faa5dbd50bda5da07 Mon Sep 17 00:00:00 2001`
			`From: Paul Eggert <eggert@cs.ucla.edu>`
			`Date: Fri, 20 Oct 2017 18:41:14 +0200`
			`Subject: [PATCH] CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]`

			`(cherry picked from commit c369d66e5426a30e4725b100d5cd28e372754f90)`

			`Upstream-Status: Backport`
			`CVE: CVE-2017-15670`
			`Affects: glibc < 2.27`
			`signed-off-by: Armin Kuster <akuster@mvista.com>`

			`---`
			`ChangeLog \| 6 ++++++`
			`NEWS \| 5 +++++`
			`posix/glob.c \| 2 +-`
			`3 files changed, 12 insertions(+), 1 deletion(-)`

			`Index: git/posix/glob.c`
			`===================================================================`
			`--- git.orig/posix/glob.c`
			`+++ git/posix/glob.c`
			`@@ -843,7 +843,7 @@ glob (const char *pattern, int flags, in`
			`*p = '\0';`
			`}`
			`else`
			`- ((char ) mempcpy (newp, dirname + 1, end_name - dirname))`
			`+ ((char ) mempcpy (newp, dirname + 1, end_name - dirname - 1))`
			`= '\0';`
			`user_name = newp;`
			`}`