This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.



GNU C Library master sources branch master updated. glibc-2.26.9000-978-g3ff3dfa


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  3ff3dfa5af313a6ea33f3393916f30eece4f0171 (commit)
      from  8a0b17e48b83e933960dfeb8fa08b259f03f310e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3ff3dfa5af313a6ea33f3393916f30eece4f0171

commit 3ff3dfa5af313a6ea33f3393916f30eece4f0171
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Dec 14 15:05:57 2017 +0100

    elf: Count components of the expanded path in _dl_init_path [BZ #22607]

diff --git a/ChangeLog b/ChangeLog
index 521ef46..018edea 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
 2017-12-14  Florian Weimer  <fweimer@redhat.com>
 
+	[BZ #22607]
+	CVE-2017-1000409
+	* elf/dl-load.c (_dl_init_paths): Compute number of components in
+	the expanded path string.
+
+2017-12-14  Florian Weimer  <fweimer@redhat.com>
+
 	[BZ #22606]
 	CVE-2017-1000408
 	* elf/dl-load.c (system_dirs): Update comment.
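Review bot: the function name in this entry, _dl_init_paths, does not match the commit subject line, which says _dl_init_path. The ChangeLog spelling agrees with the hunk headers in elf/dl-load.c, so the subject line carries the typo; anyone searching the history by function name will miss this commit unless they search on the BZ or CVE number instead.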
diff --git a/NEWS b/NEWS
index eef51b6..c5607c8 100644
--- a/NEWS
+++ b/NEWS
@@ -130,6 +130,12 @@ Security related changes:
   it is mentioned here only because of the CVE assignment.)  Reported by
   Qualys.
 
+  CVE-2017-1000409: Buffer overflow in _dl_init_paths due to miscomputation
+  of the number of search path components.  (This is not a security
+  vulnerability per se because no trust boundary is crossed if the fix for
+  CVE-2017-1000366 has been applied, but it is mentioned here only because
+  of the CVE assignment.)  Reported by Qualys.
+
 The following bugs are resolved with this release:
 
   [The release manager will add the list generated by
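Review bot: the added paragraph says only "miscomputation of the number of search path components" and leaves out what was miscounted. The ChangeLog entry in this same commit is more precise (the count has to be taken from the expanded path string), and one clause to that effect here would let a downstream maintainer judge exposure without opening the diff. The parenthetical also reads awkwardly with "but it is mentioned here only because"; dropping "only" or "but" would fix it.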
diff --git a/elf/dl-load.c b/elf/dl-load.c
index 5f1f908..bbd3be9 100644
--- a/elf/dl-load.c
+++ b/elf/dl-load.c
@@ -773,8 +773,6 @@ _dl_init_paths (const char *llp)
 
   if (llp != NULL && *llp != '\0')
     {
-      size_t nllp;
-      const char *cp = llp;
       char *llp_tmp;
 
 #ifdef SHARED
@@ -797,13 +795,10 @@ _dl_init_paths (const char *llp)
 
       /* Decompose the LD_LIBRARY_PATH contents.  First determine how many
 	 elements it has.  */
-      nllp = 1;
-      while (*cp)
-	{
-	  if (*cp == ':' || *cp == ';')
-	    ++nllp;
-	  ++cp;
-	}
+      size_t nllp = 1;
+      for (const char *cp = llp_tmp; *cp != '\0'; ++cp)
+	if (*cp == ':' || *cp == ';')
+	  ++nllp;
 
       env_path_list.dirs = (struct r_search_path_elem **)
 	malloc ((nllp + 1) * sizeof (struct r_search_path_elem *));
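Review bot: the comment kept above the new loop still reads "Decompose the LD_LIBRARY_PATH contents. First determine how many elements it has.", but the loop now counts separators in llp_tmp, not in llp. Since the size passed to malloc ((nllp + 1) * sizeof (struct r_search_path_elem *)) depends on counting the same string that is later decomposed, the comment should say that the count is taken from the expanded copy, so that a later cleanup does not switch the loop back to llp. The diffstat also lists only ChangeLog, NEWS and elf/dl-load.c; a regression test that sets an LD_LIBRARY_PATH whose expansion has more components than the unexpanded string would keep this from regressing.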

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog     |    7 +++++++
 NEWS          |    6 ++++++
 elf/dl-load.c |   13 ++++---------
 3 files changed, 17 insertions(+), 9 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

