Djam/glibc40
1
0
Fork 0
mirror of https://abf.rosa.ru/djam/glibc40.git synced 2025-02-23 07:42:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Backport upstream patches to fix CVE-2017-15670 and CVE-2017-15804

Browse source
This commit is contained in:
Andrey Bondrov 2018-11-11 02:24:02 +10:00
parent ea7872920f
commit 6ff95a974c
3 changed files with 69 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
glibc-2.24-CVE-2017-15670.patch Normal file
View file

@ -0,0 +1,31 @@
From a76376df7c07e577a9515c3faa5dbd50bda5da07 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Fri, 20 Oct 2017 18:41:14 +0200
Subject: [PATCH] CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]
(cherry picked from commit c369d66e5426a30e4725b100d5cd28e372754f90)
Upstream-Status: Backport
CVE: CVE-2017-15670
Affects: glibc < 2.27
signed-off-by: Armin Kuster <akuster@mvista.com>
---
ChangeLog | 6 ++++++
NEWS | 5 +++++
posix/glob.c | 2 +-
3 files changed, 12 insertions(+), 1 deletion(-)
Index: git/posix/glob.c
===================================================================
--- git.orig/posix/glob.c
+++ git/posix/glob.c
@@ -843,7 +843,7 @@ glob (const char *pattern, int flags, in
*p = '\0';
}
else
- *((char *) mempcpy (newp, dirname + 1, end_name - dirname))
+ *((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1))
= '\0';
user_name = newp;
}

34
glibc-2.24-CVE-2017-15804.patch Normal file
View file

@ -0,0 +1,34 @@
From 94825c8924b80518214ad9e3ca1f6589f209592c Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Sun, 22 Oct 2017 10:00:57 +0200
Subject: [PATCH] glob: Fix buffer overflow during GLOB_TILDE unescaping [BZ
#22332]
(cherry picked from commit a159b53fa059947cc2548e3b0d5bdcf7b9630ba8)
---
ChangeLog | 6 ++++++
NEWS | 4 ++++
posix/glob.c | 4 ++--
3 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/posix/glob.c b/posix/glob.c
index 026bc06..f3fa807 100644
--- a/posix/glob.c
+++ b/posix/glob.c
@@ -863,11 +863,11 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
char *p = mempcpy (newp, dirname + 1,
unescape - dirname - 1);
char *q = unescape;
- while (*q != '\0')
+ while (q != end_name)
{
if (*q == '\\')
{
- if (q[1] == '\0')
+ if (q + 1 == end_name)
{
/* "~fo\\o\\" unescape to user_name "foo\\",
but "~fo\\o\\/" unescape to user_name
--
2.9.3

5
glibc.spec
View file

@ -214,6 +214,8 @@ Patch202: glibc-2.24-CVE-2018-11236.patch
Patch203: glibc-2.24-CVE-2018-6485.patch
Patch204: glibc-2.24-CVE-2018-1000001.patch
Patch205: glibc-2.24-CVE-2017-16997.patch
Patch206: glibc-2.24-CVE-2017-15670.patch
Patch208: glibc-2.24-CVE-2017-15804.patch
BuildRequires: autoconf2.5
BuildRequires: gettext
@ -901,7 +903,8 @@ cp -a crypt_blowfish-%{crypt_bf_ver}/*.[chS] crypt/
%patch203 -p1
%patch204 -p1
%patch205 -p1
%patch206 -p1
%patch208 -p1
%if %{with selinux}
# XXX kludge to build nscd with selinux support as it added -nostdinc