Source: mariadb-10.1
Version: 10.1.26-1
Severity: important
Tags: patch security
Control: clone -1 -2
Control: reassign -2 mariadb-10.2 10.2.7-1
Control: retitle -2 mariadb-10.2: fix-FTBFS-on-GNU-Hurd.patch introduces buffer overflow in mariabackup

Hi,

As I mentioned in #879637 (message #12), the fix-FTBFS-on-GNU-Hurd.patch
Debian patch introduces a buffer overflow in mariabackup. Applying the
attached debdiff should fix it.

The bug does not affect mariadb-10.1 in stretch-security because it
doesn't include the fix-FTBFS-on-GNU-Hurd.patch patch.

Thanks,
James
diff -ur a/debian/patches/fix-FTBFS-on-GNU-Hurd.patch 
b/debian/patches/fix-FTBFS-on-GNU-Hurd.patch
--- a/debian/patches/fix-FTBFS-on-GNU-Hurd.patch        2017-11-16 
15:24:36.000000000 +0000
+++ b/debian/patches/fix-FTBFS-on-GNU-Hurd.patch        2017-11-18 
11:38:35.614785997 +0000
@@ -57,7 +57,7 @@
 -      parent[sizeof(parent) - 1] = 0;
 +      parent = (char *)malloc(len);
 +      strncpy(parent, pathname, len);
-+      parent[len] = 0;
++      parent[len - 1] = 0;
  
        for (p = parent + strlen(parent);
            !is_path_separator(*p) && p != parent; p--);
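
Review bot: the `parent = (char *)malloc(len);` line has no NULL check before `strncpy(parent, pathname, len)` writes through the pointer, so an allocation failure turns into a NULL dereference; check the result and bail out before the copy. The corrected `parent[len - 1] = 0` keeps the terminator inside the `len`-byte allocation, but it only preserves the whole path if `len` already counts the terminating NUL, and the hunk does not show how `len` is computed. If `len` is `strlen(pathname)`, the last character of the path is overwritten; allocating `len + 1` bytes and keeping `parent[len] = 0` would be the alternative. A matching `free(parent)` is not visible in these lines either and should be confirmed on every exit path.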
