glibc: CVE-2017-15670

Source: git://sourceware.org/git/glibc.git MR: 76647 Type: Security Fix Disposition: Backport from glibc-2.27 ChangeID: f4494e472d36748c2b3171a91640b26c638f6e0b Description: CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320] Affects: glibc < 2.27 (From OE-Core rev: 25bd45375fd90489a3d80955b2f0f7c800e9fc9a) Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Thiruvadi Rajaraman <trajaraman@mvista.com> 2017-11-16 18:31:26 +0530
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-12-09 14:34:35 +0000
commit: 40cfd513e949805c1e263df505ec6049b2c324d1 (patch)
tree: 2aa121db73788cc87bc61c760fdcafd656a16559 /meta/recipes-core/glibc
parent: b6a0e9dd646501e5dc477f73180d6db1153aa004 (diff)
download: poky-40cfd513e949805c1e263df505ec6049b2c324d1.tar.gz
2 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-core/glibc/glibc/CVE-2017-15670.patch b/meta/recipes-core/glibc/glibc/CVE-2017-15670.patch
new file mode 100644
index 0000000000..b606cc275f
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2017-15670.patch
@@ -0,0 +1,38 @@
+commit a76376df7c07e577a9515c3faa5dbd50bda5da07
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date:   Fri Oct 20 18:41:14 2017 +0200
+    CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]
+    
+Upstream-Status: Backport
+CVE: CVE-2017-15670
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+Index: git/ChangeLog
+===================================================================
+--- git.orig/ChangeLog  2017-11-16 18:12:32.457928327 +0530
+++ git/ChangeLog       2017-11-16 18:18:24.423642908 +0530
+@@ -1,3 +1,9 @@
+2017-10-20  Paul Eggert <eggert@cs.ucla.edu>
+
+       [BZ #22320]
+       CVE-2017-15670
+       * posix/glob.c (__glob): Fix one-byte overflow.
+
+ 2017-05-05  Florian Weimer  <fweimer@redhat.com>
+ 
+        [BZ #21461]
+Index: git/posix/glob.c
+===================================================================
+--- git.orig/posix/glob.c       2017-11-16 18:12:14.833843602 +0530
+++ git/posix/glob.c    2017-11-16 18:16:39.511127432 +0530
+@@ -856,7 +856,7 @@
+                  *p = '\0';
+                }
+              else
+-               *((char *) mempcpy (newp, dirname + 1, end_name - dirname))
+               *((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1))
+                  = '\0';
+              user_name = newp;
+            }
diff --git a/meta/recipes-core/glibc/glibc_2.24.bb b/meta/recipes-core/glibc/glibc_2.24.bb
index 966be34405..6ea45857d2 100644
--- a/meta/recipes-core/glibc/glibc_2.24.bb
+++ b/meta/recipes-core/glibc/glibc_2.24.bb
@@ -57,6 +57,7 @@ SRC_URI += "\
           file://generate-supported.mk \
           file://0001-locale-fix-hard-coded-reference-to-gcc-E.patch \
           file://CVE-2017-8804.patch \
+           file://CVE-2017-15670.patch \
           "
 SRC_URI_append_class-nativesdk = "\
author	Thiruvadi Rajaraman <trajaraman@mvista.com>	2017-11-16 18:31:26 +0530
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-12-09 14:34:35 +0000
commit	40cfd513e949805c1e263df505ec6049b2c324d1 (patch)
tree	2aa121db73788cc87bc61c760fdcafd656a16559 /meta/recipes-core/glibc
parent	b6a0e9dd646501e5dc477f73180d6db1153aa004 (diff)
download	poky-40cfd513e949805c1e263df505ec6049b2c324d1.tar.gz

diff --git a/meta/recipes-core/glibc/glibc/CVE-2017-15670.patch b/meta/recipes-core/glibc/glibc/CVE-2017-15670.patch new file mode 100644 index 0000000000..b606cc275f --- /dev/null +++ b/meta/recipes-core/glibc/glibc/CVE-2017-15670.patch
@@ -0,0 +1,38 @@
		1	commit a76376df7c07e577a9515c3faa5dbd50bda5da07
		2	Author: Paul Eggert <eggert@cs.ucla.edu>
		3	Date: Fri Oct 20 18:41:14 2017 +0200
		4
		5	CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]
		6
		7	Upstream-Status: Backport
		8
		9	CVE: CVE-2017-15670
		10	Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
		11
		12	Index: git/ChangeLog
		13	===================================================================
		14	--- git.orig/ChangeLog 2017-11-16 18:12:32.457928327 +0530
		15	+++ git/ChangeLog 2017-11-16 18:18:24.423642908 +0530
		16	@@ -1,3 +1,9 @@
		17	+2017-10-20 Paul Eggert <eggert@cs.ucla.edu>
		18	+
		19	+ [BZ #22320]
		20	+ CVE-2017-15670
		21	+ * posix/glob.c (__glob): Fix one-byte overflow.
		22	+
		23	2017-05-05 Florian Weimer <fweimer@redhat.com>
		24
		25	[BZ #21461]
		26	Index: git/posix/glob.c
		27	===================================================================
		28	--- git.orig/posix/glob.c 2017-11-16 18:12:14.833843602 +0530
		29	+++ git/posix/glob.c 2017-11-16 18:16:39.511127432 +0530
		30	@@ -856,7 +856,7 @@
		31	*p = '\0';
		32	}
		33	else
		34	- ((char ) mempcpy (newp, dirname + 1, end_name - dirname))
		35	+ ((char ) mempcpy (newp, dirname + 1, end_name - dirname - 1))
		36	= '\0';
		37	user_name = newp;
		38	}


diff --git a/meta/recipes-core/glibc/glibc_2.24.bb b/meta/recipes-core/glibc/glibc_2.24.bb index 966be34405..6ea45857d2 100644 --- a/meta/recipes-core/glibc/glibc_2.24.bb +++ b/meta/recipes-core/glibc/glibc_2.24.bb
@@ -57,6 +57,7 @@ SRC_URI += "\
57	file://generate-supported.mk \	57	file://generate-supported.mk \
58	file://0001-locale-fix-hard-coded-reference-to-gcc-E.patch \	58	file://0001-locale-fix-hard-coded-reference-to-gcc-E.patch \
59	file://CVE-2017-8804.patch \	59	file://CVE-2017-8804.patch \
		60	file://CVE-2017-15670.patch \
60	"	61	"
61		62
62	SRC_URI_append_class-nativesdk = "\	63	SRC_URI_append_class-nativesdk = "\