import-layers/yocto-poky/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch - openbmc/openbmc - Gitiles

 From f1cf98b583787cfb6278baea46e286a0ee7567fd Mon Sep 17 00:00:00 2001
 From: Paul Eggert <eggert@cs.ucla.edu>
 Date: Sun, 22 Oct 2017 10:00:57 +0200
 Subject: [PATCH] glob: Fix buffer overflow during GLOB_TILDE unescaping [BZ
  #22332]

 (cherry picked from commit a159b53fa059947cc2548e3b0d5bdcf7b9630ba8)

 Upstream-Status: Backport
 CVE: CVE-2017-15671
 Signed-off-by: Armin Kuster <akuster@mvista.com>

 ---
  ChangeLog    | 6 ++++++
  NEWS         | 4 ++++
  posix/glob.c | 4 ++--
  3 files changed, 12 insertions(+), 2 deletions(-)

 Index: git/NEWS
 ===================================================================
 --- git.orig/NEWS
 +++ git/NEWS
 @@ -211,6 +211,10 @@ Security related changes:
    on the stack or the heap, depending on the length of the user name).
    Reported by Tim Rühsen.

 +  The glob function, when invoked with GLOB_TILDE and without
 +  GLOB_NOESCAPE, could write past the end of a buffer while
 +  unescaping user names.  Reported by Tim Rühsen.
 +
  The following bugs are resolved with this release:

    [984] network: Respond to changed resolv.conf in gethostbyname
 Index: git/posix/glob.c
 ===================================================================
 --- git.orig/posix/glob.c
 +++ git/posix/glob.c
 @@ -823,11 +823,11 @@ glob (const char *pattern, int flags, in
  		  char *p = mempcpy (newp, dirname + 1,
  				     unescape - dirname - 1);
  		  char *q = unescape;
 -		  while (*q != '\0')
 +		  while (q != end_name)
  		    {
  		      if (*q == '\\')
  			{
 -			  if (q[1] == '\0')
 +			  if (q + 1 == end_name)
  			    {
  			      /* "~fo\\o\\" unescape to user_name "foo\\",
  				 but "~fo\\o\\/" unescape to user_name
 Index: git/ChangeLog
 ===================================================================
 --- git.orig/ChangeLog
 +++ git/ChangeLog
 @@ -1,5 +1,10 @@
 +
  2017-10-20  Paul Eggert <eggert@cs.ucla.edu>

 +       [BZ #22332]
 +       * posix/glob.c (__glob): Fix buffer overflow during GLOB_TILDE
 +       unescaping.
 +
         [BZ #22320]
         CVE-2017-15670
         * posix/glob.c (__glob): Fix one-byte overflow.
	From f1cf98b583787cfb6278baea46e286a0ee7567fd Mon Sep 17 00:00:00 2001
	From: Paul Eggert <eggert@cs.ucla.edu>
	Date: Sun, 22 Oct 2017 10:00:57 +0200
	Subject: [PATCH] glob: Fix buffer overflow during GLOB_TILDE unescaping [BZ
	#22332]

	(cherry picked from commit a159b53fa059947cc2548e3b0d5bdcf7b9630ba8)

	Upstream-Status: Backport
	CVE: CVE-2017-15671
	Signed-off-by: Armin Kuster <akuster@mvista.com>

	---
	ChangeLog \| 6 ++++++
	NEWS \| 4 ++++
	posix/glob.c \| 4 ++--
	3 files changed, 12 insertions(+), 2 deletions(-)

	Index: git/NEWS
	===================================================================
	--- git.orig/NEWS
	+++ git/NEWS
	@@ -211,6 +211,10 @@ Security related changes:
	on the stack or the heap, depending on the length of the user name).
	Reported by Tim Rühsen.

	+ The glob function, when invoked with GLOB_TILDE and without
	+ GLOB_NOESCAPE, could write past the end of a buffer while
	+ unescaping user names. Reported by Tim Rühsen.
	+
	The following bugs are resolved with this release:

	[984] network: Respond to changed resolv.conf in gethostbyname
	Index: git/posix/glob.c
	===================================================================
	--- git.orig/posix/glob.c
	+++ git/posix/glob.c
	@@ -823,11 +823,11 @@ glob (const char *pattern, int flags, in
	char *p = mempcpy (newp, dirname + 1,
	unescape - dirname - 1);
	char *q = unescape;
	- while (*q != '\0')
	+ while (q != end_name)
	{
	if (*q == '\\')
	{
	- if (q[1] == '\0')
	+ if (q + 1 == end_name)
	{
	/* "~fo\\o\\" unescape to user_name "foo\\",
	but "~fo\\o\\/" unescape to user_name
	Index: git/ChangeLog
	===================================================================
	--- git.orig/ChangeLog
	+++ git/ChangeLog
	@@ -1,5 +1,10 @@
	+
	2017-10-20 Paul Eggert <eggert@cs.ucla.edu>

	+ [BZ #22332]
	+ * posix/glob.c (__glob): Fix buffer overflow during GLOB_TILDE
	+ unescaping.
	+
	[BZ #22320]
	CVE-2017-15670
	* posix/glob.c (__glob): Fix one-byte overflow.