+2017-12-14 Florian Weimer <fweimer@redhat.com>
+
+ [BZ #22607]
+ CVE-2017-1000409
+ * elf/dl-load.c (_dl_init_paths): Compute number of components in
+ the expanded path string.
+
2017-12-30 Aurelien Jarno <aurelien@aurel32.net>
Dmitry V. Levin <ldv@altlinux.org>
* CVE-2017-16997: Incorrect handling of RPATH or RUNPATH containing $ORIGIN
for AT_SECURE or SUID binaries could be used to load libraries from the
current directory.
+
+* CVE-2017-1000409: Buffer overflow in _dl_init_paths due to miscomputation
+ of the number of search path components. (This is not a security
+ vulnerability per se because no trust boundary is crossed if the fix for
+ CVE-2017-1000366 has been applied, but it is mentioned here only because
+ of the CVE assignment.) Reported by Qualys.
\f
Version 2.22
if (llp != NULL && *llp != '\0')
{
- size_t nllp;
- const char *cp = llp;
char *llp_tmp;
#ifdef SHARED
/* Decompose the LD_LIBRARY_PATH contents. First determine how many
elements it has. */
- nllp = 1;
- while (*cp)
- {
- if (*cp == ':' || *cp == ';')
- ++nllp;
- ++cp;
- }
+ size_t nllp = 1;
+ for (const char *cp = llp_tmp; *cp != '\0'; ++cp)
+ if (*cp == ':' || *cp == ';')
+ ++nllp;
env_path_list.dirs = (struct r_search_path_elem **)
malloc ((nllp + 1) * sizeof (struct r_search_path_elem *));
projects / thirdparty / glibc.git / commitdiff
