[Bug glob/19779] glob: buffer overflow with GLOB_ALTDIRFUNC due to incorrect NAME_MAX limit assumption (CVE-2016-1234)

["cvs-commit at gcc dot gnu.org" <sourceware-bugzilla at sourceware dot org>]

https://sourceware.org/bugzilla/show_bug.cgi?id=19779

--- Comment #1 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  5171f3079f2cc53e0548fc4967361f4d1ce9d7ea (commit)
      from  2faba597eca15666ce46cc721041747e96c8b942 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5171f3079f2cc53e0548fc4967361f4d1ce9d7ea

commit 5171f3079f2cc53e0548fc4967361f4d1ce9d7ea
Author: Florian Weimer <fweimer@redhat.com>
Date:   Wed May 4 12:09:35 2016 +0200

    CVE-2016-1234: glob: Do not copy d_name field of struct dirent [BZ #19779]

    Instead, we store the data we need from the return value of
    readdir in an object of the new type struct readdir_result.
    This type is independent of the layout of struct dirent.

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                             |   21 +++
 NEWS                                  |    4 +
 posix/bug-glob2.c                     |   14 ++-
 posix/glob.c                          |  223 ++++++++++++++++++---------------
 sysdeps/unix/sysv/linux/i386/glob64.c |   22 ++++
 5 files changed, 184 insertions(+), 100 deletions(-)

-- 
You are receiving this mail because:
You are on the CC list for the bug.