qiurui
/
glibc
mirror of git://sourceware.org/git/glibc.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]

This commit is contained in:
Paul Eggert 2017-10-20 18:41:14 +02:00 committed by Florian Weimer
parent 6d43de4b85
commit c369d66e54
3 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -1,3 +1,9 @@
2017-10-20 Paul Eggert <eggert@cs.ucla.edu>
[BZ #22320]
CVE-2017-15670
* posix/glob.c (__glob): Fix one-byte overflow.
2017-10-20 Wilco Dijkstra <wdijkstr@arm.com> 2017-10-20 Wilco Dijkstra <wdijkstr@arm.com>
* malloc/malloc.c (sysdep-cancel.h): Add include. * malloc/malloc.c (sysdep-cancel.h): Add include.

4
NEWS
View File

@ -72,6 +72,10 @@ Security related changes:
vulnerability; only trusted binaries must be examined using the ldd vulnerability; only trusted binaries must be examined using the ldd
script.) script.)
CVE-2017-15670: The glob function, when invoked with GLOB_TILDE, suffered
from a one-byte overflow during ~ operator processing (either on the stack
or the heap, depending on the length of the user name).
The following bugs are resolved with this release: The following bugs are resolved with this release:
[The release manager will add the list generated by [The release manager will add the list generated by

2
posix/glob.c
View File

@ -790,7 +790,7 @@ __glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
*p = '\0'; *p = '\0';
} }
else else
*((char *) mempcpy (newp, dirname + 1, end_name - dirname)) *((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1))
= '\0'; = '\0';
user_name = newp; user_name = newp;
} }