This is the mail archive of the
mailing list for the glibc project.
Re: [PATCH] posix_spawn_file_actions_addopen needs to copy the path argument (BZ 17048)
- From: Allan McRae <allan at archlinux dot org>
- To: Florian Weimer <fweimer at redhat dot com>, Roland McGrath <roland at hack dot frob dot com>
- Cc: GNU C Library <libc-alpha at sourceware dot org>
- Date: Sun, 15 Jun 2014 11:08:58 +1000
- Subject: Re: [PATCH] posix_spawn_file_actions_addopen needs to copy the path argument (BZ 17048)
- Authentication-results: sourceware.org; auth=none
- References: <5398C182 dot 4040906 at redhat dot com> <20140611210111 dot 92DF92C39A5 at topped-with-meat dot com> <5398C7BD dot 5000304 at redhat dot com>
On 12/06/14 07:18, Florian Weimer wrote:
> On 06/11/2014 11:01 PM, Roland McGrath wrote:
>> This looks fine to me except for some trivia.
> Thanks, committed with the suggested changes.
We normally add a news item for fixed CVEs. How does this sound?
* CVE-2014-4043 The posix_spawn_file_actions_addopen implementation did not
copy the path argument. This allowed programs to trigger use-after-free
bugs or other situations where the path is mutated. (Bugzilla #17048).