import-layers/yocto-poky/meta/recipes-core/glibc/glibc/CVE-2017-15670.patch - openbmc/openbmc - Gitiles

 From a76376df7c07e577a9515c3faa5dbd50bda5da07 Mon Sep 17 00:00:00 2001
 From: Paul Eggert <eggert@cs.ucla.edu>
 Date: Fri, 20 Oct 2017 18:41:14 +0200
 Subject: [PATCH] CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]

 (cherry picked from commit c369d66e5426a30e4725b100d5cd28e372754f90)

 Upstream-Status: Backport
 CVE: CVE-2017-15670
 Affects: glibc < 2.27
 Signed-off-by: Armin Kuster <akuster@mvista.com>

 ---
  ChangeLog    | 6 ++++++
  NEWS         | 5 +++++
  posix/glob.c | 2 +-
  3 files changed, 12 insertions(+), 1 deletion(-)

 Index: git/NEWS
 ===================================================================
 --- git.orig/NEWS
 +++ git/NEWS
 @@ -206,6 +206,11 @@ Security related changes:
  * A use-after-free vulnerability in clntudp_call in the Sun RPC system has been
    fixed (CVE-2017-12133).

 +  CVE-2017-15670: The glob function, when invoked with GLOB_TILDE,
 +  suffered from a one-byte overflow during ~ operator processing (either
 +  on the stack or the heap, depending on the length of the user name).
 +  Reported by Tim Rühsen.
 +
  The following bugs are resolved with this release:

    [984] network: Respond to changed resolv.conf in gethostbyname
 Index: git/posix/glob.c
 ===================================================================
 --- git.orig/posix/glob.c
 +++ git/posix/glob.c
 @@ -843,7 +843,7 @@ glob (const char *pattern, int flags, in
  		  *p = '\0';
  		}
  	      else
 -		*((char *) mempcpy (newp, dirname + 1, end_name - dirname))
 +		*((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1))
  		  = '\0';
  	      user_name = newp;
  	    }
 Index: git/ChangeLog
 ===================================================================
 --- git.orig/ChangeLog
 +++ git/ChangeLog
 @@ -1,3 +1,9 @@
 +2017-10-20  Paul Eggert <eggert@cs.ucla.edu>
 +
 +       [BZ #22320]
 +       CVE-2017-15670
 +       * posix/glob.c (__glob): Fix one-byte overflow.
 +
  2017-08-02  Siddhesh Poyarekar  <siddhesh@sourceware.org>

  	* version.h (RELEASE): Set to "stable"
	From a76376df7c07e577a9515c3faa5dbd50bda5da07 Mon Sep 17 00:00:00 2001
	From: Paul Eggert <eggert@cs.ucla.edu>
	Date: Fri, 20 Oct 2017 18:41:14 +0200
	Subject: [PATCH] CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]

	(cherry picked from commit c369d66e5426a30e4725b100d5cd28e372754f90)

	Upstream-Status: Backport
	CVE: CVE-2017-15670
	Affects: glibc < 2.27
	Signed-off-by: Armin Kuster <akuster@mvista.com>

	---
	ChangeLog \| 6 ++++++
	NEWS \| 5 +++++
	posix/glob.c \| 2 +-
	3 files changed, 12 insertions(+), 1 deletion(-)

	Index: git/NEWS
	===================================================================
	--- git.orig/NEWS
	+++ git/NEWS
	@@ -206,6 +206,11 @@ Security related changes:
	* A use-after-free vulnerability in clntudp_call in the Sun RPC system has been
	fixed (CVE-2017-12133).

	+ CVE-2017-15670: The glob function, when invoked with GLOB_TILDE,
	+ suffered from a one-byte overflow during ~ operator processing (either
	+ on the stack or the heap, depending on the length of the user name).
	+ Reported by Tim Rühsen.
	+
	The following bugs are resolved with this release:

	[984] network: Respond to changed resolv.conf in gethostbyname
	Index: git/posix/glob.c
	===================================================================
	--- git.orig/posix/glob.c
	+++ git/posix/glob.c
	@@ -843,7 +843,7 @@ glob (const char *pattern, int flags, in
	*p = '\0';
	}
	else
	- ((char ) mempcpy (newp, dirname + 1, end_name - dirname))
	+ ((char ) mempcpy (newp, dirname + 1, end_name - dirname - 1))
	= '\0';
	user_name = newp;
	}
	Index: git/ChangeLog
	===================================================================
	--- git.orig/ChangeLog
	+++ git/ChangeLog
	@@ -1,3 +1,9 @@
	+2017-10-20 Paul Eggert <eggert@cs.ucla.edu>
	+
	+ [BZ #22320]
	+ CVE-2017-15670
	+ * posix/glob.c (__glob): Fix one-byte overflow.
	+
	2017-08-02 Siddhesh Poyarekar <siddhesh@sourceware.org>

	* version.h (RELEASE): Set to "stable"