This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug glob/19779] glob: buffer overflow with GLOB_ALTDIRFUNC due to incorrect NAME_MAX limit assumption (CVE-2016-1234)
- From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Wed, 04 May 2016 10:10:28 +0000
- Subject: [Bug glob/19779] glob: buffer overflow with GLOB_ALTDIRFUNC due to incorrect NAME_MAX limit assumption (CVE-2016-1234)
- Auto-submitted: auto-generated
- References: <bug-19779-131 at http dot sourceware dot org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=19779
--- Comment #1 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via 5171f3079f2cc53e0548fc4967361f4d1ce9d7ea (commit)
from 2faba597eca15666ce46cc721041747e96c8b942 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5171f3079f2cc53e0548fc4967361f4d1ce9d7ea
commit 5171f3079f2cc53e0548fc4967361f4d1ce9d7ea
Author: Florian Weimer <fweimer@redhat.com>
Date: Wed May 4 12:09:35 2016 +0200
CVE-2016-1234: glob: Do not copy d_name field of struct dirent [BZ #19779]
Instead, we store the data we need from the return value of
readdir in an object of the new type struct readdir_result.
This type is independent of the layout of struct dirent.
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 21 +++
NEWS | 4 +
posix/bug-glob2.c | 14 ++-
posix/glob.c | 223 ++++++++++++++++++---------------
sysdeps/unix/sysv/linux/i386/glob64.c | 22 ++++
5 files changed, 184 insertions(+), 100 deletions(-)
--
You are receiving this mail because:
You are on the CC list for the bug.