This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug libc/22786] Stack buffer overflow in realpath() if input size is close to SSIZE_MAX


https://sourceware.org/bugzilla/show_bug.cgi?id=22786

--- Comment #4 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, release/2.26/master has been updated
       via  af7519f7b35024224c163e32a89fb247b0c446fc (commit)
      from  365722ace6c9bad3167804fa8f12884eafae6d8f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=af7519f7b35024224c163e32a89fb247b0c446fc

commit af7519f7b35024224c163e32a89fb247b0c446fc
Author: Paul Pluzhnikov <ppluzhnikov@google.com>
Date:   Tue May 8 18:12:41 2018 -0700

    Fix path length overflow in realpath [BZ #22786]

    Integer addition overflow may cause stack buffer overflow
    when realpath() input length is close to SSIZE_MAX.

    2018-05-09  Paul Pluzhnikov  <ppluzhnikov@google.com>

        [BZ #22786]
        * stdlib/canonicalize.c (__realpath): Fix overflow in path length
        computation.
        * stdlib/Makefile (test-bz22786): New test.
        * stdlib/test-bz22786.c: New test.

    (cherry picked from commit 5460617d1567657621107d895ee2dd83bc1f88f2)

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog             |    8 ++++
 NEWS                  |    1 +
 stdlib/Makefile       |    2 +-
 stdlib/canonicalize.c |    2 +-
 stdlib/test-bz22786.c |   90 +++++++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 101 insertions(+), 2 deletions(-)
 create mode 100644 stdlib/test-bz22786.c
