diff options
author | Alyssa Ross <hi@alyssa.is> | 2020-07-13 23:20:04 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2020-07-13 23:21:06 +0000 |
commit | a42c1d6d62656dcf9bd85de620f2e200a5ad22d8 (patch) | |
tree | 7d481fea9872f62a034452612be17f4494159baa /nixpkgs/pkgs/development/libraries/glibc | |
parent | 55f69a6b0e53c1c4b3e0396937c53bf5662b5519 (diff) | |
parent | 9480bae337095fd24f61380bce3174fdfe926a00 (diff) | |
download | nixlib-a42c1d6d62656dcf9bd85de620f2e200a5ad22d8.tar nixlib-a42c1d6d62656dcf9bd85de620f2e200a5ad22d8.tar.gz nixlib-a42c1d6d62656dcf9bd85de620f2e200a5ad22d8.tar.bz2 nixlib-a42c1d6d62656dcf9bd85de620f2e200a5ad22d8.tar.lz nixlib-a42c1d6d62656dcf9bd85de620f2e200a5ad22d8.tar.xz nixlib-a42c1d6d62656dcf9bd85de620f2e200a5ad22d8.tar.zst nixlib-a42c1d6d62656dcf9bd85de620f2e200a5ad22d8.zip |
Merge commit '9480bae337095fd24f61380bce3174fdfe926a00'
This is the last nixos-unstable release before 13b2903169f, which I'm a bit nervous about. So I want the update including that one to be as small as possible, hence going to this one first.
Diffstat (limited to 'nixpkgs/pkgs/development/libraries/glibc')
-rw-r--r-- | nixpkgs/pkgs/development/libraries/glibc/2.30-cve-2020-1752.patch | 62 | ||||
-rw-r--r-- | nixpkgs/pkgs/development/libraries/glibc/common.nix | 4 |
2 files changed, 64 insertions, 2 deletions
diff --git a/nixpkgs/pkgs/development/libraries/glibc/2.30-cve-2020-1752.patch b/nixpkgs/pkgs/development/libraries/glibc/2.30-cve-2020-1752.patch new file mode 100644 index 000000000000..75d874b93d09 --- /dev/null +++ b/nixpkgs/pkgs/development/libraries/glibc/2.30-cve-2020-1752.patch @@ -0,0 +1,62 @@ +From: Andreas Schwab <schwab@suse.de> +Date: Wed, 19 Feb 2020 16:21:46 +0000 (+0100) +Subject: Fix use-after-free in glob when expanding ~user (bug 25414) +X-Git-Url: https://sourceware.org/git/?p=glibc.git;a=commitdiff_plain;h=da97c6b88eb03fb834e92964b0895c2ac8d61f63;hp=dd34bce38c822b67fcc42e73969bf6699d6874b6 + +Fix use-after-free in glob when expanding ~user (bug 25414) + +The value of `end_name' points into the value of `dirname', thus don't +deallocate the latter before the last use of the former. + +(cherry picked from commit ddc650e9b3dc916eab417ce9f79e67337b05035c) +--- + +diff --git a/posix/glob.c b/posix/glob.c +index e73e35c510..c6cbd0eb43 100644 +--- a/posix/glob.c ++++ b/posix/glob.c +@@ -827,31 +827,32 @@ __glob (const char *pattern, int flags, int (*errfunc) (const char *, int), + { + size_t home_len = strlen (p->pw_dir); + size_t rest_len = end_name == NULL ? 0 : strlen (end_name); +- char *d; ++ char *d, *newp; ++ bool use_alloca = glob_use_alloca (alloca_used, ++ home_len + rest_len + 1); + +- if (__glibc_unlikely (malloc_dirname)) +- free (dirname); +- malloc_dirname = 0; +- +- if (glob_use_alloca (alloca_used, home_len + rest_len + 1)) +- dirname = alloca_account (home_len + rest_len + 1, +- alloca_used); ++ if (use_alloca) ++ newp = alloca_account (home_len + rest_len + 1, alloca_used); + else + { +- dirname = malloc (home_len + rest_len + 1); +- if (dirname == NULL) ++ newp = malloc (home_len + rest_len + 1); ++ if (newp == NULL) + { + scratch_buffer_free (&pwtmpbuf); + retval = GLOB_NOSPACE; + goto out; + } +- malloc_dirname = 1; + } +- d = mempcpy (dirname, p->pw_dir, home_len); ++ d = mempcpy (newp, p->pw_dir, home_len); + if (end_name != NULL) + d = mempcpy (d, end_name, rest_len); + *d = '\0'; + ++ if (__glibc_unlikely (malloc_dirname)) ++ free (dirname); ++ dirname = newp; ++ malloc_dirname = !use_alloca; ++ + dirlen = home_len + rest_len; + dirname_modified = 1; + } diff --git a/nixpkgs/pkgs/development/libraries/glibc/common.nix b/nixpkgs/pkgs/development/libraries/glibc/common.nix index 0429c7295fb8..36b6bea61cd4 100644 --- a/nixpkgs/pkgs/development/libraries/glibc/common.nix +++ b/nixpkgs/pkgs/development/libraries/glibc/common.nix @@ -106,10 +106,10 @@ stdenv.mkDerivation ({ url = "https://salsa.debian.org/glibc-team/glibc/raw/49767c9f7de4828220b691b29de0baf60d8a54ec/debian/patches/localedata/locale-C.diff"; sha256 = "0irj60hs2i91ilwg5w7sqrxb695c93xg0ik7yhhq9irprd7fidn4"; }) - ] - ++ lib.optionals stdenv.isx86_64 [ + ./fix-x64-abi.patch ./2.27-CVE-2019-19126.patch + ./2.30-cve-2020-1752.patch ] ++ lib.optional stdenv.hostPlatform.isMusl ./fix-rpc-types-musl-conflicts.patch ++ lib.optional stdenv.buildPlatform.isDarwin ./darwin-cross-build.patch; |