Created attachment 11557
[PATCH] regex: fix read overrun

I am reporting this bug against glibc 2.30 since I assume it's too late to add this fix to 2.29. A user of 'grep' reported a heap buffer overflow when grep is run under AddressSanitizer. The attached patch fixes this.
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources".

The branch, master has been updated
       via  583dd860d5b833037175247230a328f0050dbfe9 (commit)
      from  2bac7daa58da1a313bd452369b0508b31e146637 (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=583dd860d5b833037175247230a328f0050dbfe9

commit 583dd860d5b833037175247230a328f0050dbfe9
Author: Paul Eggert <eggert@cs.ucla.edu>
Date:   Mon Jan 21 11:08:13 2019 -0800

    regex: fix read overrun

    [BZ #24114]
    Problem found by AddressSanitizer, reported by Hongxu Chen in:
    https://debbugs.gnu.org/34140
    * posix/regexec.c (proceed_next_node):
    Do not read past end of input buffer.

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog       | 10 +++++++++-
 posix/regexec.c |  6 ++++--
 2 files changed, 13 insertions(+), 3 deletions(-)
I installed the patch and am marking this bug as fixed in 2.30.
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources".

The branch, master has been updated
       via  b626c5aa5d0673a9caa48fb79fba8bda237e6fa8 (commit)
      from  066ae81ec9b1a5bb8f8b93f4defb089f7b315833 (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b626c5aa5d0673a9caa48fb79fba8bda237e6fa8

commit b626c5aa5d0673a9caa48fb79fba8bda237e6fa8
Author: Aurelien Jarno <aurelien@aurel32.net>
Date:   Sat Mar 16 22:59:56 2019 +0100

    Record CVE-2019-9169 in NEWS and ChangeLog [BZ #24114]

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog | 1 +
 NEWS      | 4 ++++
 2 files changed, 5 insertions(+), 0 deletions(-)
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources".

The branch, release/2.29/master has been updated
       via  10dd17da710fd32aaf1f2187544d80064b8c4ee0 (commit)
       via  4d0b1b0f61bfba034e9e76a1d76acc59c975238f (commit)
      from  bc6f839fb4066be83272c735e662850af2595777 (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=10dd17da710fd32aaf1f2187544d80064b8c4ee0

commit 10dd17da710fd32aaf1f2187544d80064b8c4ee0
Author: Aurelien Jarno <aurelien@aurel32.net>
Date:   Sat Mar 16 22:59:56 2019 +0100

    Record CVE-2019-9169 in NEWS and ChangeLog [BZ #24114]

    (cherry picked from commit b626c5aa5d0673a9caa48fb79fba8bda237e6fa8)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4d0b1b0f61bfba034e9e76a1d76acc59c975238f

commit 4d0b1b0f61bfba034e9e76a1d76acc59c975238f
Author: Paul Eggert <eggert@cs.ucla.edu>
Date:   Mon Jan 21 11:08:13 2019 -0800

    regex: fix read overrun

    [BZ #24114]
    Problem found by AddressSanitizer, reported by Hongxu Chen in:
    https://debbugs.gnu.org/34140
    * posix/regexec.c (proceed_next_node):
    Do not read past end of input buffer.

    (cherry picked from commit 583dd860d5b833037175247230a328f0050dbfe9)

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog       | 9 +++++++++
 NEWS            | 4 ++++
 posix/regexec.c | 6 ++++--
 3 files changed, 17 insertions(+), 2 deletions(-)
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources".

The branch, release/2.28/master has been updated
       via  54e725e39d0190227b9bf975a7c3f80e8a81365a (commit)
       via  2aee101ff6075dd97a99982a1ba29e21ec25c52f (commit)
      from  4bf5ab3196bd27e48d87d4a1cd91efd39772e026 (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=54e725e39d0190227b9bf975a7c3f80e8a81365a

commit 54e725e39d0190227b9bf975a7c3f80e8a81365a
Author: Aurelien Jarno <aurelien@aurel32.net>
Date:   Sat Mar 16 22:59:56 2019 +0100

    Record CVE-2019-9169 in NEWS and ChangeLog [BZ #24114]

    (cherry picked from commit b626c5aa5d0673a9caa48fb79fba8bda237e6fa8)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2aee101ff6075dd97a99982a1ba29e21ec25c52f

commit 2aee101ff6075dd97a99982a1ba29e21ec25c52f
Author: Paul Eggert <eggert@cs.ucla.edu>
Date:   Mon Jan 21 11:08:13 2019 -0800

    regex: fix read overrun

    [BZ #24114]
    Problem found by AddressSanitizer, reported by Hongxu Chen in:
    https://debbugs.gnu.org/34140
    * posix/regexec.c (proceed_next_node):
    Do not read past end of input buffer.

    (cherry picked from commit 583dd860d5b833037175247230a328f0050dbfe9)

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog       | 9 +++++++++
 NEWS            | 4 ++++
 posix/regexec.c | 6 ++++--
 3 files changed, 17 insertions(+), 2 deletions(-)
Flagging as security+ due to CVE assignment. Since this bug needs a crafted pattern to trigger, it would not normally qualify as a security bug.