wok-4.x view glibc/stuff/patches/glibc-2.22-CVE-2017-1000366.patch @ rev 12476
Up glibc (2.22) with CVE patchs
| author | Stanislas Leduc <shann@slitaz.org> |
|---|---|
| date | Wed Mar 15 11:41:38 2023 +0000 (14 months ago) |
| parents | |
| children |
line source
1 Based on:
2 https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2017-1000366
3 https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=patch;h=efa26d9c13a6fabd34a05139e1d8b2e441b2fae9
5 From efa26d9c13a6fabd34a05139e1d8b2e441b2fae9 Mon Sep 17 00:00:00 2001
6 From: Florian Weimer <fweimer@redhat.com>
7 Date: Mon, 19 Jun 2017 18:34:53 +0200
8 Subject: [PATCH] CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1
9 programs [BZ #21624]
11 LD_LIBRARY_PATH can only be used to reorder system search paths, which
12 is not useful functionality.
14 This makes an exploitable unbounded alloca in _dl_init_paths unreachable
15 for AT_SECURE=1 programs.
17 ---
18 elf/rtld.c | 3 ++-
19 1 file changed, 2 insertions(+), 1 deletion(-)
21 diff --git a/elf/rtld.c b/elf/rtld.c
22 index 69873c2..5043046 100644
23 --- a/elf/rtld.c
24 +++ b/elf/rtld.c
25 @@ -2441,7 +2441,8 @@ process_envvars (enum mode *modep)
27 case 12:
28 /* The library search path. */
29 - if (memcmp (envline, "LIBRARY_PATH", 12) == 0)
30 + if (!__libc_enable_secure
31 + && memcmp (envline, "LIBRARY_PATH", 12) == 0)
32 {
33 library_path = &envline[13];
34 break;
35 --
36 2.17.1