summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/shadow/files/0001-shadow-CVE-2017-12424
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-extended/shadow/files/0001-shadow-CVE-2017-12424')
-rw-r--r--meta/recipes-extended/shadow/files/0001-shadow-CVE-2017-1242446
1 files changed, 46 insertions, 0 deletions
diff --git a/meta/recipes-extended/shadow/files/0001-shadow-CVE-2017-12424 b/meta/recipes-extended/shadow/files/0001-shadow-CVE-2017-12424
new file mode 100644
index 0000000000..4d3e1e016c
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/0001-shadow-CVE-2017-12424
@@ -0,0 +1,46 @@
1From 954e3d2e7113e9ac06632aee3c69b8d818cc8952 Mon Sep 17 00:00:00 2001
2From: Tomas Mraz <tmraz@fedoraproject.org>
3Date: Fri, 31 Mar 2017 16:25:06 +0200
4Subject: [PATCH] Fix buffer overflow if NULL line is present in db.
5
6If ptr->line == NULL for an entry, the first cycle will exit,
7but the second one will happily write past entries buffer.
8We actually do not want to exit the first cycle prematurely
9on ptr->line == NULL.
10Signed-off-by: Tomas Mraz <tmraz@fedoraproject.org>
11
12CVE: CVE-2017-12424
13Upstream-Status: Backport
14Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
15---
16 lib/commonio.c | 8 ++++----
17 1 file changed, 4 insertions(+), 4 deletions(-)
18
19diff --git a/lib/commonio.c b/lib/commonio.c
20index b10da06..31edbaa 100644
21--- a/lib/commonio.c
22+++ b/lib/commonio.c
23@@ -751,16 +751,16 @@ commonio_sort (struct commonio_db *db, int (*cmp) (const void *, const void *))
24 for (ptr = db->head;
25 (NULL != ptr)
26 #if KEEP_NIS_AT_END
27- && (NULL != ptr->line)
28- && ( ('+' != ptr->line[0])
29- && ('-' != ptr->line[0]))
30+ && ((NULL == ptr->line)
31+ || (('+' != ptr->line[0])
32+ && ('-' != ptr->line[0])))
33 #endif
34 ;
35 ptr = ptr->next) {
36 n++;
37 }
38 #if KEEP_NIS_AT_END
39- if ((NULL != ptr) && (NULL != ptr->line)) {
40+ if (NULL != ptr) {
41 nis = ptr;
42 }
43 #endif
44--
452.1.0
46