From a76376df7c07e577a9515c3faa5dbd50bda5da07 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Fri, 20 Oct 2017 18:41:14 +0200
Subject: [PATCH] CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]

(cherry picked from commit c369d66e5426a30e4725b100d5cd28e372754f90)

Upstream-Status: Backport
CVE: CVE-2017-15670
Affects: glibc < 2.27
signed-off-by: Armin Kuster <akuster@mvista.com>

---
 ChangeLog    | 6 ++++++
 NEWS         | 5 +++++
 posix/glob.c | 2 +-
 3 files changed, 12 insertions(+), 1 deletion(-)

Index: git/posix/glob.c
===================================================================
--- git.orig/posix/glob.c
+++ git/posix/glob.c
@@ -843,7 +843,7 @@ glob (const char *pattern, int flags, in
 		  *p = '\0';
 		}
 	      else
-		*((char *) mempcpy (newp, dirname + 1, end_name - dirname))
+		*((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1))
 		  = '\0';
 	      user_name = newp;
 	    }