mirror of
git://sourceware.org/git/glibc.git
synced 2024-11-21 01:12:26 +08:00
elf: Count components of the expanded path in _dl_init_path [BZ #22607]
This commit is contained in:
parent
8a0b17e48b
commit
3ff3dfa5af
@ -1,3 +1,10 @@
|
||||
2017-12-14 Florian Weimer <fweimer@redhat.com>
|
||||
|
||||
[BZ #22607]
|
||||
CVE-2017-1000409
|
||||
* elf/dl-load.c (_dl_init_paths): Compute number of components in
|
||||
the expanded path string.
|
||||
|
||||
2017-12-14 Florian Weimer <fweimer@redhat.com>
|
||||
|
||||
[BZ #22606]
|
||||
|
6
NEWS
6
NEWS
@ -130,6 +130,12 @@ Security related changes:
|
||||
it is mentioned here only because of the CVE assignment.) Reported by
|
||||
Qualys.
|
||||
|
||||
CVE-2017-1000409: Buffer overflow in _dl_init_paths due to miscomputation
|
||||
of the number of search path components. (This is not a security
|
||||
vulnerability per se because no trust boundary is crossed if the fix for
|
||||
CVE-2017-1000366 has been applied, but it is mentioned here only because
|
||||
of the CVE assignment.) Reported by Qualys.
|
||||
|
||||
The following bugs are resolved with this release:
|
||||
|
||||
[The release manager will add the list generated by
|
||||
|
@ -773,8 +773,6 @@ _dl_init_paths (const char *llp)
|
||||
|
||||
if (llp != NULL && *llp != '\0')
|
||||
{
|
||||
size_t nllp;
|
||||
const char *cp = llp;
|
||||
char *llp_tmp;
|
||||
|
||||
#ifdef SHARED
|
||||
@ -797,13 +795,10 @@ _dl_init_paths (const char *llp)
|
||||
|
||||
/* Decompose the LD_LIBRARY_PATH contents. First determine how many
|
||||
elements it has. */
|
||||
nllp = 1;
|
||||
while (*cp)
|
||||
{
|
||||
if (*cp == ':' || *cp == ';')
|
||||
++nllp;
|
||||
++cp;
|
||||
}
|
||||
size_t nllp = 1;
|
||||
for (const char *cp = llp_tmp; *cp != '\0'; ++cp)
|
||||
if (*cp == ':' || *cp == ';')
|
||||
++nllp;
|
||||
|
||||
env_path_list.dirs = (struct r_search_path_elem **)
|
||||
malloc ((nllp + 1) * sizeof (struct r_search_path_elem *));
|
||||
|
Loading…
Reference in New Issue
Block a user