This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

GNU C Library master sources branch master updated. glibc-2.21-177-g5f85a4b


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  5f85a4bf9460b953a35f2beae54acaa8c1310a29 (commit)
      from  95f386609f378063b35e0c4ede8c2d2ceea91f51 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5f85a4bf9460b953a35f2beae54acaa8c1310a29

commit 5f85a4bf9460b953a35f2beae54acaa8c1310a29
Author: Paul Pluzhnikov <ppluzhnikov@google.com>
Date:   Mon Mar 9 07:22:36 2015 -0700

    Fix BZ #18043 (c4): buffer-overflow (read past the end) in wordexp/parse_dollars/parse_param

diff --git a/ChangeLog b/ChangeLog
index abb948f..a7bd5b7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
 2015-03-09  Paul Pluzhnikov  <ppluzhnikov@google.com>
 
+	[BZ #18043]
+	* posix/wordexp.c (parse_param): Fix buffer overflow.
+	* posix/wordexp-test.c (test_case): Add test case.
+
+2015-03-09  Paul Pluzhnikov  <ppluzhnikov@google.com>
+
 	[BZ #18042]
 	* posix/wordexp.c (parse_backtick): Fix off-by-one.
 	* posix/wordexp-test.c (test_case): Add test for BZ #18042.
diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c
index 845407e..0a353a4 100644
--- a/posix/wordexp-test.c
+++ b/posix/wordexp-test.c
@@ -234,8 +234,9 @@ struct test_case_struct
     { WRDE_CMDSUB, NULL, "$((1+`echo 1`))", WRDE_NOCMD, 0, { NULL, }, IFS },
     { WRDE_CMDSUB, NULL, "$((1+$((`echo 1`))))", WRDE_NOCMD, 0, { NULL, }, IFS },
 
-    { WRDE_SYNTAX, NULL, "`\\", 0, 0, { NULL, }, IFS },  /* BZ 18042  */
-    { WRDE_SYNTAX, NULL, "${", 0, 0, { NULL, }, IFS },   /* BZ 18043  */
+    { WRDE_SYNTAX, NULL, "`\\", 0, 0, { NULL, }, IFS },     /* BZ 18042  */
+    { WRDE_SYNTAX, NULL, "${", 0, 0, { NULL, }, IFS },      /* BZ 18043  */
+    { WRDE_SYNTAX, NULL, "L${a:", 0, 0, { NULL, }, IFS },   /* BZ 18043#c4  */
 
     { -1, NULL, NULL, 0, 0, { NULL, }, IFS },
   };
diff --git a/posix/wordexp.c b/posix/wordexp.c
index ae4fd72..36b6fff 100644
--- a/posix/wordexp.c
+++ b/posix/wordexp.c
@@ -1343,7 +1343,8 @@ parse_param (char **word, size_t *word_length, size_t *max_length,
 	  break;
 
 	case ':':
-	  if (strchr ("-=?+", words[1 + *offset]) == NULL)
+	  if (words[1 + *offset] == '\0'
+	      || strchr ("-=?+", words[1 + *offset]) == NULL)
 	    goto syntax;
 
 	  colon_seen = 1;

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog            |    6 ++++++
 posix/wordexp-test.c |    5 +++--
 posix/wordexp.c      |    3 ++-
 3 files changed, 11 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]