packages/glibc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

io: Fix use after free in ftw (BZ 26779)

Browse Source 
(cherry picked from commit 79dcf1a0e983217810662ec0ebe26dc33b43c41c)
This commit is contained in:
liqingqing_1229 2022-12-12 17:50:06 +08:00 committed by openeuler-sync-bot
parent 816e5fb975
commit 475a8ee8af
2 changed files with 34 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
glibc.spec
View File

@ -66,7 +66,7 @@
############################################################################## ##############################################################################
Name: glibc Name: glibc
Version: 2.34 Version: 2.34
Release: 102 Release: 103
Summary: The GNU libc libraries Summary: The GNU libc libraries
License: %{all_license} License: %{all_license}
URL: http://www.gnu.org/software/glibc/ URL: http://www.gnu.org/software/glibc/
@ -243,6 +243,7 @@ Patch155: backport-elf-tlsdeschtab.h-Add-the-Malloc-return-value-check.patch
Patch156: backport-Fix-OOB-read-in-stdlib-thousand-grouping-parsing-BZ.patch Patch156: backport-Fix-OOB-read-in-stdlib-thousand-grouping-parsing-BZ.patch
Patch157: backport-elf-Remove-allocate-use-on-_dl_debug_printf.patch Patch157: backport-elf-Remove-allocate-use-on-_dl_debug_printf.patch
Patch158: backport-elf-Do-not-completely-clear-reused-namespace-in-dlmo.patch Patch158: backport-elf-Do-not-completely-clear-reused-namespace-in-dlmo.patch
Patch159: io-Fix-use-after-free-in-ftw-BZ-26779.patch
Patch9000: turn-default-value-of-x86_rep_stosb_threshold_form_2K_to_1M.patch Patch9000: turn-default-value-of-x86_rep_stosb_threshold_form_2K_to_1M.patch
Patch9001: delete-no-hard-link-to-avoid-all_language-package-to.patch Patch9001: delete-no-hard-link-to-avoid-all_language-package-to.patch
@ -1424,6 +1425,9 @@ fi
%endif %endif
%changelog %changelog
* Mon Dec 12 2022 Qingqing Li <liqingqing3@huawei.com> - 2.34-103
- io: Fix use after free in ftw (BZ 26779)
* Thu Dec 08 2022 shixuantong <shixuantong1@huawei.com> - 2.34-102 * Thu Dec 08 2022 shixuantong <shixuantong1@huawei.com> - 2.34-102
- elf: Do not completely clear reused namespace in dlmopen (bug 29600) - elf: Do not completely clear reused namespace in dlmopen (bug 29600)
- elf: Remove allocate use on _dl_debug_printf - elf: Remove allocate use on _dl_debug_printf

29
io-Fix-use-after-free-in-ftw-BZ-26779.patch Normal file
View File

@ -0,0 +1,29 @@
From ee52ab25ba875f458981fce22c54e3c04c7a17d3 Mon Sep 17 00:00:00 2001
From: Martin Sebor <msebor@redhat.com>
Date: Tue, 25 Jan 2022 17:39:02 -0700
Subject: [PATCH] io: Fix use-after-free in ftw [BZ #26779]
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
---
io/ftw.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/io/ftw.c b/io/ftw.c
index 2742541f36..94bd5a93e4 100644
--- a/io/ftw.c
+++ b/io/ftw.c
@@ -323,8 +323,9 @@ open_dir_stream (int *dfdp, struct ftw_data *data, struct dir_data *dirp)
buf[actsize++] = '\0';
/* Shrink the buffer to what we actually need. */
- data->dirstreams[data->actdir]->content = realloc (buf, actsize);
- if (data->dirstreams[data->actdir]->content == NULL)
+ void *content = realloc (buf, actsize);
+ data->dirstreams[data->actdir]->content = content;
+ if (content == NULL)
{
int save_err = errno;
free (buf);
--
2.33.0