diff options
| author | Jason M. Bills <jason.m.bills@linux.intel.com> | 2021-08-26 23:18:00 +0300 |
|---|---|---|
| committer | Jason M. Bills <jason.m.bills@linux.intel.com> | 2021-08-27 19:05:02 +0300 |
| commit | 6f106a0a4ce15fe0678d4ffefd572e6978c72597 (patch) | |
| tree | d98626c9763ad9048ac9bfd8269e12eced18d496 /meta-openbmc-mods/meta-common/recipes-core/glibc | |
| parent | ae908254d22318b9e27acf6e5e28d1a4ab5e2195 (diff) | |
| download | openbmc-6f106a0a4ce15fe0678d4ffefd572e6978c72597.tar.xz | |
Update to internal 0.70
Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-core/glibc')
2 files changed, 41 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0038-CVE-2021-35942-handle-overflow-in-positional-parameter-number.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0038-CVE-2021-35942-handle-overflow-in-positional-parameter-number.patch new file mode 100644 index 000000000..4ad5da6da --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0038-CVE-2021-35942-handle-overflow-in-positional-parameter-number.patch @@ -0,0 +1,40 @@ +From 5adda61f62b77384718b4c0d8336ade8f2b4b35c Mon Sep 17 00:00:00 2001 +From: Andreas Schwab <schwab@linux-m68k.org> +Date: Fri, 25 Jun 2021 15:02:47 +0200 +Subject: [PATCH] wordexp: handle overflow in positional parameter number (bug + 28011) + +Use strtoul instead of atoi so that overflow can be detected. +--- + posix/wordexp-test.c | 1 + + posix/wordexp.c | 2 +- + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c +index f93a546d7e..9df02dbbb3 100644 +--- a/posix/wordexp-test.c ++++ b/posix/wordexp-test.c +@@ -183,6 +183,7 @@ struct test_case_struct + { 0, NULL, "$var", 0, 0, { NULL, }, IFS }, + { 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS }, + { 0, NULL, "", 0, 0, { NULL, }, IFS }, ++ { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS }, + + /* Flags not already covered (testit() has special handling for these) */ + { 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS }, +diff --git a/posix/wordexp.c b/posix/wordexp.c +index bcbe96e48d..1f3b09f721 100644 +--- a/posix/wordexp.c ++++ b/posix/wordexp.c +@@ -1399,7 +1399,7 @@ envsubst: + /* Is it a numeric parameter? */ + else if (isdigit (env[0])) + { +- int n = atoi (env); ++ unsigned long n = strtoul (env, NULL, 10); + + if (n >= __libc_argc) + /* Substitute NULL. */ +-- +2.27.0 + diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc_%.bbappend index 77cd9ce46..a40461c62 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc_%.bbappend @@ -5,4 +5,5 @@ SRC_URI += " \ file://0036-sunrpc-use-snprintf-to-guard-against-buffer-overflow.patch \ file://0036-Use-__pthread_attr_copy-in-mq_notify-bug-27896.patch \ file://0037-Fix-use-of-__pthread_attr_copy-in-mq_notify-bug-27896.patch \ + file://0038-CVE-2021-35942-handle-overflow-in-positional-parameter-number.patch \ " |