mirror of
https://sourceware.org/git/glibc.git
synced 2024-11-08 14:20:07 +00:00
CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]
This commit is contained in:
parent
6d43de4b85
commit
c369d66e54
@ -1,3 +1,9 @@
|
||||
2017-10-20 Paul Eggert <eggert@cs.ucla.edu>
|
||||
|
||||
[BZ #22320]
|
||||
CVE-2017-15670
|
||||
* posix/glob.c (__glob): Fix one-byte overflow.
|
||||
|
||||
2017-10-20 Wilco Dijkstra <wdijkstr@arm.com>
|
||||
|
||||
* malloc/malloc.c (sysdep-cancel.h): Add include.
|
||||
|
4
NEWS
4
NEWS
@ -72,6 +72,10 @@ Security related changes:
|
||||
vulnerability; only trusted binaries must be examined using the ldd
|
||||
script.)
|
||||
|
||||
CVE-2017-15670: The glob function, when invoked with GLOB_TILDE, suffered
|
||||
from a one-byte overflow during ~ operator processing (either on the stack
|
||||
or the heap, depending on the length of the user name).
|
||||
|
||||
The following bugs are resolved with this release:
|
||||
|
||||
[The release manager will add the list generated by
|
||||
|
@ -790,7 +790,7 @@ __glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
|
||||
*p = '\0';
|
||||
}
|
||||
else
|
||||
*((char *) mempcpy (newp, dirname + 1, end_name - dirname))
|
||||
*((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1))
|
||||
= '\0';
|
||||
user_name = newp;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user