From 96748498534bc27b7df54aa78b854d8a35626cad Mon Sep 17 00:00:00 2001 From: liqingqing_1229 Date: Sat, 28 May 2022 18:42:11 +0800 Subject: [PATCH] realpath: Avoid overwriting preexisting error(CVE-2021-3998) --- glibc.spec | 6 +++- ...ting-preexisting-error-CVE-2021-3998.patch | 33 +++++++++++++++++++ 2 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 realpath-Avoid-overwriting-preexisting-error-CVE-2021-3998.patch diff --git a/glibc.spec b/glibc.spec index f1219b3..8eae61e 100644 --- a/glibc.spec +++ b/glibc.spec @@ -66,7 +66,7 @@ ############################################################################## Name: glibc Version: 2.34 -Release: 81 +Release: 82 Summary: The GNU libc libraries License: %{all_license} URL: http://www.gnu.org/software/glibc/ @@ -221,6 +221,7 @@ Patch133: posix-glob.c-update-from-gnulib.patch Patch134: linux-Fix-fchmodat-with-AT_SYMLINK_NOFOLLOW-for-64-b.patch Patch135: linux-Fix-posix_spawn-return-code-if-clone-fails-BZ-.patch Patch136: backport-elf-Fix-use-after-free-in-ldconfig-BZ-26779.patch +Patch137: realpath-Avoid-overwriting-preexisting-error-CVE-2021-3998.patch Patch9000: turn-default-value-of-x86_rep_stosb_threshold_form_2K_to_1M.patch Patch9001: delete-no-hard-link-to-avoid-all_language-package-to.patch @@ -1389,6 +1390,9 @@ fi %endif %changelog +* Sat May 28 2022 QingqingLi - 2.34-82 +- realpath: Avoid overwriting preexisting error (CVE-2021-3998) + * Fri May 20 2022 xujing - 2.34-81 - elf: Fix use-after-free in ldconfig [BZ #26779] diff --git a/realpath-Avoid-overwriting-preexisting-error-CVE-2021-3998.patch b/realpath-Avoid-overwriting-preexisting-error-CVE-2021-3998.patch new file mode 100644 index 0000000..95c6bd6 --- /dev/null +++ b/realpath-Avoid-overwriting-preexisting-error-CVE-2021-3998.patch @@ -0,0 +1,33 @@ +From d084965adc7baa8ea804427cccf973cea556d697 Mon Sep 17 00:00:00 2001 +From: Siddhesh Poyarekar +Date: Mon, 24 Jan 2022 21:36:41 +0530 +Subject: [PATCH] realpath: Avoid overwriting preexisting error (CVE-2021-3998) + +Set errno and failure for paths that are too long only if no other error +occurred earlier. + +Related: BZ #28770 + +Reviewed-by: Andreas Schwab +Signed-off-by: Siddhesh Poyarekar +(cherry picked from commit 84d2d0fe20bdf94feed82b21b4d7d136db471f03) +--- + stdlib/canonicalize.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/stdlib/canonicalize.c b/stdlib/canonicalize.c +index 7a23a51..e2d4244 100644 +--- a/stdlib/canonicalize.c ++++ b/stdlib/canonicalize.c +@@ -404,7 +404,7 @@ error: + { + if (dest - rname <= get_path_max ()) + rname = strcpy (resolved, rname); +- else ++ else if (!failed) + { + failed = true; + __set_errno (ENAMETOOLONG); +-- +1.8.3.1 +