Author: dj Date: Sun Dec 24 11:01:25 2017 New Revision: 3680 Log: Remove glibc-2.26-local_glob_exploits-1.patch. Add glibc-2.26-local_glob_exploits-2.patch.
Added: trunk/glibc/glibc-2.26-local_glob_exploits-2.patch Deleted: trunk/glibc/glibc-2.26-local_glob_exploits-1.patch Added: trunk/glibc/glibc-2.26-local_glob_exploits-2.patch ==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/glibc/glibc-2.26-local_glob_exploits-2.patch Sun Dec 24 11:01:25 2017 (r3680)
@@ -0,0 +1,58 @@
+Submitted by: DJ Lucas (dj_AT_linuxfromscratch_DOT_org)
+Date: 2017-12-24
+Initial Package Version: 2.26
+Upstream Status: Comitted
+Origin: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c369d66e5426a30e4725b100d5cd28e372754f90
+ and https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a159b53fa059947cc2548e3b0d5bdcf7b9630ba8
+Description: Fixes local-only exploits in glob functions idetified
+ in CVE-2017-15670 and CVE-2017-15671
+
+diff -Naurp glibc-2.26-orig/ChangeLog glibc-2.26/ChangeLog
+--- glibc-2.26-orig/ChangeLog 2017-12-23 23:16:40.669052891 -0600
++++ glibc-2.26/ChangeLog 2017-12-23 23:30:21.240500323 -0600
+@@ -1,3 +1,19 @@
++2017-10-21 Paul Eggert <egg...@cs.ucla.edu>
++
++ glob: fix another heap buffer overflow
++ Problem reported by Tim Rühsen in:
++ https://sourceware.org/bugzilla/show_bug.cgi?id=22332
++ * lib/glob.c (glob): Avoid buffer overrun when unescaping.
++
++2017-10-19 Paul Eggert <egg...@cs.ucla.edu>
++
++ glob: fix heap buffer overflow
++ * lib/glob.c (glob): Fix off-by-one error introduced into
++ glibc in commit dd7d45e838a42b0ed470c44b55901ea98d0c2bab
++ dated 1997-10-29 20:33:40. Problem reported by Tim Rühsen in:
++ https://sourceware.org/bugzilla/show_bug.cgi?id=22320
++ Fix suggested by Bruno Haible.
++
+ 2017-08-02 Siddhesh Poyarekar <siddh...@sourceware.org>
+
+ * version.h (RELEASE): Set to "stable"
+diff -Naurp glibc-2.26-orig/posix/glob.c glibc-2.26/posix/glob.c
+--- glibc-2.26-orig/posix/glob.c 2017-12-23 23:16:40.803052829 -0600
++++ glibc-2.26/posix/glob.c 2017-12-24 12:59:03.197896628 -0600
+@@ -823,11 +823,11 @@ glob (const char *pattern, int flags, in
+ char *p = mempcpy (newp, dirname + 1,
+ unescape - dirname - 1);
+ char *q = unescape;
+- while (*q != '\0')
++ while (q != end_name)
+ {
+ if (*q == '\\')
+ {
+- if (q[1] == '\0')
++ if (q + 1 == end_name)
+ {
+ /* "~fo\\o\\" unescape to user_name "foo\\",
+ but "~fo\\o\\/" unescape to user_name
+@@ -843,7 +843,7 @@ glob (const char *pattern, int flags, in
+ *p = '\0';
+ }
+ else
+- *((char *) mempcpy (newp, dirname + 1, end_name - dirname))
++ *((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1))
+ = '\0';
+ user_name = newp;
+ }
-- http://lists.linuxfromscratch.org/listinfo/patches FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
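Review bot: The rewritten bound in the first posix/glob.c hunk, `while (q != end_name)`, has no comment saying why the scan stops at `end_name` instead of the terminating NUL, so a later cleanup could easily revert it. I would add above the loop `/* Stop at end_name, not NUL: the user name may be followed by '/' and more pattern text. */`, and keep the `q + 1 == end_name` test phrased the same way. In the second hunk, `end_name - dirname - 1` is the right length for a copy that starts at `dirname + 1`, but the allocation of `newp` lies outside both hunks, so its size should be checked against that length plus the NUL. The patch header describes the bugs as local-only and cites CVE-2017-15670 and CVE-2017-15671, while the ChangeLog entries reference bugzilla 22320 and 22332; how those ids map onto each other is not visible here and should be confirmed before the header is used for triage, since reachability depends on where callers of glob() take their patterns from. glob's body starts before and continues after both hunks.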