Author: aurel32
Date: 2015-10-19 15:59:38 +0000 (Mon, 19 Oct 2015)
New Revision: 6663

Added:
   glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-fnmatch-overflow.diff
Modified:
   glibc-package/branches/glibc-branch-wheezy/debian/changelog
   glibc-package/branches/glibc-branch-wheezy/debian/patches/series
Log:
patches/any/cvs-fnmatch-overflow.diff: new patch from upstream to fix
a buffer overflow (read past end of buffer) in internal_fnmatch.

Modified: glibc-package/branches/glibc-branch-wheezy/debian/changelog
===================================================================
--- glibc-package/branches/glibc-branch-wheezy/debian/changelog 2015-10-19 
11:26:14 UTC (rev 6662)
+++ glibc-package/branches/glibc-branch-wheezy/debian/changelog 2015-10-19 
15:59:38 UTC (rev 6663)
@@ -2,6 +2,8 @@
 
   * patches/any/cvs-CVE-2015-1781.diff: new patch from upstream to fix
     a buffer overflow in getanswer_r (CVE-2015-1781). Closes: #796105.
+  * patches/any/cvs-fnmatch-overflow.diff: new patch from upstream to fix
+    a buffer overflow (read past end of buffer) in internal_fnmatch.
   * patches/any/cvs-CVE-2014-8121.diff: new patch from upstream to fix
     an unexpected closing of nss_files databases after lookups, causing
     denial of service (CVE-2014-8121).  Closes: #779587.
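
Review bot: the new changelog entry carries no bug reference, while the entries on either side of it cite a CVE id and a "Closes:" number. The patch added by this commit names upstream [BZ #18032] in its header, so the entry could end with "in internal_fnmatch (BZ #18032)" to keep the fix traceable from the changelog alone.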

Added: glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-fnmatch-overflow.diff
===================================================================
--- 
glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-fnmatch-overflow.diff
                             (rev 0)
+++ 
glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-fnmatch-overflow.diff
     2015-10-19 15:59:38 UTC (rev 6663)
@@ -0,0 +1,27 @@
+2015-02-26  Andreas Schwab  <[email protected]>
+
+       [BZ #18032]
+       * posix/fnmatch_loop.c (FCT): Remove extra increment when skipping
+       over collating symbol inside a bracket expression.  Minor cleanup.
+
+diff --git a/posix/fnmatch_loop.c b/posix/fnmatch_loop.c
+index f79d051..f11d0f1 100644
+--- a/posix/fnmatch_loop.c
++++ b/posix/fnmatch_loop.c
+@@ -951,14 +951,13 @@ FCT (pattern, string, string_end, no_leading_period, 
flags, ends, alloca_used)
+                 }
+               else if (c == L('[') && *p == L('.'))
+                 {
+-                  ++p;
+                   while (1)
+                     {
+                       c = *++p;
+-                      if (c == '\0')
++                      if (c == L('\0'))
+                         return FNM_NOMATCH;
+ 
+-                      if (*p == L('.') && p[1] == L(']'))
++                      if (c == L('.') && p[1] == L(']'))
+                         break;
+                     }
+                   p += 2;
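
Review bot: no regression test accompanies the fix; the added patch touches only posix/fnmatch_loop.c. With the `++p` ahead of the loop removed, the first `c = *++p` now lands on the character directly after "[." and is compared against the terminator, which is the position the old code stepped over unchecked. A test using a pattern that ends immediately after "[." inside a bracket expression, expecting FNM_NOMATCH, would pin that behaviour. The patch header would also benefit from naming the upstream commit it was taken from, since only the ChangeLog entry and the index line `f79d051..f11d0f1` identify it.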

Modified: glibc-package/branches/glibc-branch-wheezy/debian/patches/series
===================================================================
--- glibc-package/branches/glibc-branch-wheezy/debian/patches/series    
2015-10-19 11:26:14 UTC (rev 6662)
+++ glibc-package/branches/glibc-branch-wheezy/debian/patches/series    
2015-10-19 15:59:38 UTC (rev 6663)
@@ -405,3 +405,4 @@
 any/cvs-getaddrinfo-idn.diff
 any/cvs-CVE-2015-1781.diff
 any/cvs-CVE-2014-8121.diff
+any/cvs-fnmatch-overflow.diff
