[PATCH] posix_spawn_file_actions_addopen needs to copy the path argument (BZ 17048)
Allan McRae
allan@archlinux.org
Sun Jun 15 01:09:00 GMT 2014
On 12/06/14 07:18, Florian Weimer wrote:
> On 06/11/2014 11:01 PM, Roland McGrath wrote:
>> This looks fine to me except for some trivia.
>
> Thanks, committed with the suggested changes.
>
We normally add a news item for fixed CVEs. How does this sound?
* CVE-2014-4043 The posix_spawn_file_actions_addopen implementation did not
copy the path argument. This allowed programs to trigger use-after-free
bugs or other situations where the path is mutated. (Bugzilla #17048).
Allan
More information about the Libc-alpha
mailing list