This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH] posix_spawn_file_actions_addopen needs to copy the path argument (BZ 17048)


On 06/15/2014 03:08 AM, Allan McRae wrote:
> On 12/06/14 07:18, Florian Weimer wrote:
>> On 06/11/2014 11:01 PM, Roland McGrath wrote:
>>> This looks fine to me except for some trivia.
>>
>> Thanks, committed with the suggested changes.
>
> We normally add a news item for fixed CVEs.  How does this sound?

We didn't know if this would qualify for a CVE at the time of commit.

> * CVE-2014-4043 The posix_spawn_file_actions_addopen implementation did not
>    copy the path argument. This allowed programs to trigger use-after-free
>    bugs or other situations where the path is mutated. (Bugzilla #17048).

The second sentence seems a bit rough.  Perhaps:

"This allowed programs to cause posix_spawn to dereference a dangling pointer, or use an unexpected pathname argument if the string was modified after the posix_spawn_file_actions_addopen invocation."

--
Florian Weimer / Red Hat Product Security Team
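
The behaviour the proposed news text describes, shown as an added illustration that is not part of this message and is not glibc's code: the `toy_*` names, the structure and the sample paths are hypothetical. Only the "string modified after the call" case is exercised, because reading a freed buffer would be undefined behaviour.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical miniature of one "open" file action; not glibc's structure. */
struct toy_open_action {
    int fd;
    const char *path;  /* pathname the deferred open() would use at spawn time */
    char *owned;       /* non-NULL only when the action holds a private copy */
};

/* Behaviour the news item describes: the caller's pointer is kept as-is. */
static int toy_addopen_alias(struct toy_open_action *a, int fd, const char *path)
{
    a->fd = fd; a->path = path; a->owned = NULL;
    return 0;
}

/* Copying behaviour: the pathname is duplicated when the action is added. */
static int toy_addopen_copy(struct toy_open_action *a, int fd, const char *path)
{
    size_t n = strlen(path) + 1;
    char *copy = malloc(n);
    if (copy == NULL)
        return -1;                 /* out of memory: nothing was recorded */
    memcpy(copy, path, n);
    a->fd = fd; a->path = copy; a->owned = copy;
    return 0;
}

/* 1: recorded path unchanged after buffer reuse; 0: changed; -1: no memory. */
static int path_survives_reuse(int (*addopen)(struct toy_open_action *, int, const char *))
{
    char buf[64] = "/var/log/app/output.log";   /* constructed sample path */
    struct toy_open_action act;
    if (addopen(&act, 1, buf) != 0)
        return -1;
    strcpy(buf, "/tmp/other-file");             /* buffer reused before "spawn" */
    int unchanged = strcmp(act.path, "/var/log/app/output.log") == 0;
    free(act.owned);                            /* free(NULL) is a no-op */
    return unchanged;
}

int main(void)
{
    printf("alias keeps path: %d\n", path_survives_reuse(toy_addopen_alias));
    printf("copy keeps path:  %d\n", path_survives_reuse(toy_addopen_copy));
    return 0;
}
```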

