diff options
Diffstat (limited to 'nixpkgs/pkgs/development/libraries/glibc/2.30-cve-2020-1752.patch')
| -rw-r--r-- | nixpkgs/pkgs/development/libraries/glibc/2.30-cve-2020-1752.patch | 62 |
1 files changed, 0 insertions, 62 deletions
diff --git a/nixpkgs/pkgs/development/libraries/glibc/2.30-cve-2020-1752.patch b/nixpkgs/pkgs/development/libraries/glibc/2.30-cve-2020-1752.patch deleted file mode 100644 index 75d874b93d09..000000000000 --- a/nixpkgs/pkgs/development/libraries/glibc/2.30-cve-2020-1752.patch +++ /dev/null @@ -1,62 +0,0 @@ -From: Andreas Schwab <schwab@suse.de> -Date: Wed, 19 Feb 2020 16:21:46 +0000 (+0100) -Subject: Fix use-after-free in glob when expanding ~user (bug 25414) -X-Git-Url: https://sourceware.org/git/?p=glibc.git;a=commitdiff_plain;h=da97c6b88eb03fb834e92964b0895c2ac8d61f63;hp=dd34bce38c822b67fcc42e73969bf6699d6874b6 - -Fix use-after-free in glob when expanding ~user (bug 25414) - -The value of `end_name' points into the value of `dirname', thus don't -deallocate the latter before the last use of the former. - -(cherry picked from commit ddc650e9b3dc916eab417ce9f79e67337b05035c) ---- - -diff --git a/posix/glob.c b/posix/glob.c -index e73e35c510..c6cbd0eb43 100644 ---- a/posix/glob.c -+++ b/posix/glob.c -@@ -827,31 +827,32 @@ __glob (const char *pattern, int flags, int (*errfunc) (const char *, int), - { - size_t home_len = strlen (p->pw_dir); - size_t rest_len = end_name == NULL ? 0 : strlen (end_name); -- char *d; -+ char *d, *newp; -+ bool use_alloca = glob_use_alloca (alloca_used, -+ home_len + rest_len + 1); - -- if (__glibc_unlikely (malloc_dirname)) -- free (dirname); -- malloc_dirname = 0; -- -- if (glob_use_alloca (alloca_used, home_len + rest_len + 1)) -- dirname = alloca_account (home_len + rest_len + 1, -- alloca_used); -+ if (use_alloca) -+ newp = alloca_account (home_len + rest_len + 1, alloca_used); - else - { -- dirname = malloc (home_len + rest_len + 1); -- if (dirname == NULL) -+ newp = malloc (home_len + rest_len + 1); -+ if (newp == NULL) - { - scratch_buffer_free (&pwtmpbuf); - retval = GLOB_NOSPACE; - goto out; - } -- malloc_dirname = 1; - } -- d = mempcpy (dirname, p->pw_dir, home_len); -+ d = mempcpy (newp, p->pw_dir, home_len); - if (end_name != NULL) - d = mempcpy (d, end_name, rest_len); - *d = '\0'; - -+ if (__glibc_unlikely (malloc_dirname)) -+ free (dirname); -+ dirname = newp; -+ malloc_dirname = !use_alloca; -+ - dirlen = home_len + rest_len; - dirname_modified = 1; - } |