summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArmin Kuster <akuster808@gmail.com>2018-01-21 09:59:54 -0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-01-23 23:43:45 +0000
commit042e562a7732f78828a26fb0443f12925435cc12 (patch)
tree52a86c2f1ea27e8631a0284da9956e870e6c98f1
parent1aa417df604d2627c56232a7a2c396c6b085d74b (diff)
downloadpoky-042e562a7732f78828a26fb0443f12925435cc12.tar.gz
glibc: Security fix CVE-2017-15671
affects glibc < 2.27 only glibc in current master hash: 77f921dac17c5fa99bd9e926d926c327982895f7 (From OE-Core rev: 9e411843b26d296ba2b048b581d31bd0221e25e6) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-core/glibc/glibc/CVE-2017-15671.patch65
-rw-r--r--meta/recipes-core/glibc/glibc_2.26.bb1
2 files changed, 66 insertions, 0 deletions
diff --git a/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch b/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch
new file mode 100644
index 0000000000..9a08784106
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch
@@ -0,0 +1,65 @@
1From f1cf98b583787cfb6278baea46e286a0ee7567fd Mon Sep 17 00:00:00 2001
2From: Paul Eggert <eggert@cs.ucla.edu>
3Date: Sun, 22 Oct 2017 10:00:57 +0200
4Subject: [PATCH] glob: Fix buffer overflow during GLOB_TILDE unescaping [BZ
5 #22332]
6
7(cherry picked from commit a159b53fa059947cc2548e3b0d5bdcf7b9630ba8)
8
9Upstream-Status: Backport
10CVE: CVE-2017-15671
11Signed-off-by: Armin Kuster <akuster@mvista.com>
12
13---
14 ChangeLog | 6 ++++++
15 NEWS | 4 ++++
16 posix/glob.c | 4 ++--
17 3 files changed, 12 insertions(+), 2 deletions(-)
18
19Index: git/NEWS
20===================================================================
21--- git.orig/NEWS
22+++ git/NEWS
23@@ -20,6 +20,10 @@ Security related changes:
24 on the stack or the heap, depending on the length of the user name).
25 Reported by Tim Rühsen.
26
27+ The glob function, when invoked with GLOB_TILDE and without
28+ GLOB_NOESCAPE, could write past the end of a buffer while
29+ unescaping user names. Reported by Tim Rühsen.
30+
31 The following bugs are resolved with this release:
32
33 [16750] ldd: Never run file directly.
34Index: git/posix/glob.c
35===================================================================
36--- git.orig/posix/glob.c
37+++ git/posix/glob.c
38@@ -850,11 +850,11 @@ glob (const char *pattern, int flags, in
39 char *p = mempcpy (newp, dirname + 1,
40 unescape - dirname - 1);
41 char *q = unescape;
42- while (*q != '\0')
43+ while (q != end_name)
44 {
45 if (*q == '\\')
46 {
47- if (q[1] == '\0')
48+ if (q + 1 == end_name)
49 {
50 /* "~fo\\o\\" unescape to user_name "foo\\",
51 but "~fo\\o\\/" unescape to user_name
52Index: git/ChangeLog
53===================================================================
54--- git.orig/ChangeLog
55+++ git/ChangeLog
56@@ -1,3 +1,9 @@
57+2017-10-22 Paul Eggert <eggert@cs.ucla.edu>
58+
59+ [BZ #22332]
60+ * posix/glob.c (__glob): Fix buffer overflow during GLOB_TILDE
61+ unescaping.
62+
63 2017-10-13 James Clarke <jrtc27@jrtc27.com>
64
65 * sysdeps/powerpc/powerpc32/dl-machine.h (elf_machine_rela):
diff --git a/meta/recipes-core/glibc/glibc_2.26.bb b/meta/recipes-core/glibc/glibc_2.26.bb
index 04d97734b3..0ba29e4525 100644
--- a/meta/recipes-core/glibc/glibc_2.26.bb
+++ b/meta/recipes-core/glibc/glibc_2.26.bb
@@ -43,6 +43,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
43 file://0027-glibc-reset-dl-load-write-lock-after-forking.patch \ 43 file://0027-glibc-reset-dl-load-write-lock-after-forking.patch \
44 file://0028-Bug-4578-add-ld.so-lock-while-fork.patch \ 44 file://0028-Bug-4578-add-ld.so-lock-while-fork.patch \
45 file://0029-malloc-add-missing-arena-lock-in-malloc-info.patch \ 45 file://0029-malloc-add-missing-arena-lock-in-malloc-info.patch \
46 file://CVE-2017-15671.patch \
46" 47"
47 48
48NATIVESDKFIXES ?= "" 49NATIVESDKFIXES ?= ""