summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorVinay Kumar <vinay.m.engg@gmail.com>2021-08-09 01:39:31 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2021-08-18 18:00:24 +0100
commit9df882ce6835692774c649405fcb474ea0eacda4 (patch)
tree92b7b4160d27328b780ef95877bb835f0caf9f00
parentaf322602f57164b8ccbdee8b855c30080e6fd5c8 (diff)
downloadpoky-9df882ce6835692774c649405fcb474ea0eacda4.tar.gz
glibc: Fix CVE-2021-35942
Source: https://sourceware.org/git/glibc.git Tracking -- https://sourceware.org/bugzilla/show_bug.cgi?id=28011 Backported upstream commit 5adda61f62b77384718b4c0d8336ade8f2b4b35c to glibc-2.33 source. Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c] (From OE-Core rev: 79adec00a3b7efb44171ac15e221cac3d3d85f20) Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat
-rw-r--r--meta/recipes-core/glibc/glibc/CVE-2021-35942.patch44
-rw-r--r--meta/recipes-core/glibc/glibc_2.33.bb1
2 files changed, 45 insertions, 0 deletions
diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
new file mode 100644
index 0000000000..5cae1bc91c
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
@@ -0,0 +1,44 @@
1From 5adda61f62b77384718b4c0d8336ade8f2b4b35c Mon Sep 17 00:00:00 2001
2From: Andreas Schwab <schwab@linux-m68k.org>
3Date: Fri, 25 Jun 2021 15:02:47 +0200
4Subject: [PATCH] wordexp: handle overflow in positional parameter number (bug
5 28011)
6
7Use strtoul instead of atoi so that overflow can be detected.
8
9Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c]
10CVE: CVE-2021-35942
11Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
12---
13 posix/wordexp-test.c | 1 +
14 posix/wordexp.c | 2 +-
15 2 files changed, 2 insertions(+), 1 deletion(-)
16
17diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c
18index f93a546d7e..9df02dbbb3 100644
19--- a/posix/wordexp-test.c
20+++ b/posix/wordexp-test.c
21@@ -183,6 +183,7 @@ struct test_case_struct
22 { 0, NULL, "$var", 0, 0, { NULL, }, IFS },
23 { 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS },
24 { 0, NULL, "", 0, 0, { NULL, }, IFS },
25+ { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS },
26
27 /* Flags not already covered (testit() has special handling for these) */
28 { 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS },
29diff --git a/posix/wordexp.c b/posix/wordexp.c
30index bcbe96e48d..1f3b09f721 100644
31--- a/posix/wordexp.c
32+++ b/posix/wordexp.c
33@@ -1399,7 +1399,7 @@ envsubst:
34 /* Is it a numeric parameter? */
35 else if (isdigit (env[0]))
36 {
37- int n = atoi (env);
38+ unsigned long n = strtoul (env, NULL, 10);
39
40 if (n >= __libc_argc)
41 /* Substitute NULL. */
42--
432.17.1
44
diff --git a/meta/recipes-core/glibc/glibc_2.33.bb b/meta/recipes-core/glibc/glibc_2.33.bb
index bb35c50c98..7f516d2bbe 100644
--- a/meta/recipes-core/glibc/glibc_2.33.bb
+++ b/meta/recipes-core/glibc/glibc_2.33.bb
@@ -63,6 +63,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
63 file://0001-nptl-Remove-private-futex-optimization-BZ-27304.patch \ 63 file://0001-nptl-Remove-private-futex-optimization-BZ-27304.patch \
64 file://CVE-2021-33574_1.patch \ 64 file://CVE-2021-33574_1.patch \
65 file://CVE-2021-33574_2.patch \ 65 file://CVE-2021-33574_2.patch \
66 file://CVE-2021-35942.patch \
66 " 67 "
67S = "${WORKDIR}/git" 68S = "${WORKDIR}/git"
68B = "${WORKDIR}/build-${TARGET_SYS}" 69B = "${WORKDIR}/build-${TARGET_SYS}"
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-02-04 22:34:07 +0000