authorJan-Simon Möller <jsmoeller@linuxfoundation.org>2017-09-05 10:31:04 +0200
committerJan-Simon Moeller <jsmoeller@linuxfoundation.org>2017-09-05 12:06:47 +0000
commit94f492fb807cf3a989936100be59ada747cf2d81 (patch)
treee492ad93f30279f9baa1b51cd88a7f0512e43c97 /meta-agl-bsp/meta-core/recipes-core/glibc/files/CVE-2017-1000366.backport.patch
parentb54b4bfb817ab444349918b7642dbf2aec5ccb45 (diff)
Renew backports after upstream update - CVE2017-1000366
This change renews the backports for glibc after upstream YP updated its glibc patch queue. We change the method from pulling the SRCREV up to backporting the patch only. Bug-AGL: SPEC-705 Change-Id: I212ae065bc3fc886f1fddb65628dbd2788bb9370 Signed-off-by: Jan-Simon Möller <jsmoeller@linuxfoundation.org> Reviewed-on: https://gerrit.automotivelinux.org/gerrit/10775
Diffstat (limited to 'meta-agl-bsp/meta-core/recipes-core/glibc/files/CVE-2017-1000366.backport.patch')
-rw-r--r--meta-agl-bsp/meta-core/recipes-core/glibc/files/CVE-2017-1000366.backport.patch71
1 files changed, 71 insertions, 0 deletions
diff --git a/meta-agl-bsp/meta-core/recipes-core/glibc/files/CVE-2017-1000366.backport.patch b/meta-agl-bsp/meta-core/recipes-core/glibc/files/CVE-2017-1000366.backport.patch
new file mode 100644
index 000000000..8ce5ca2bc
--- /dev/null
+++ b/meta-agl-bsp/meta-core/recipes-core/glibc/files/CVE-2017-1000366.backport.patch
@@ -0,0 +1,71 @@
+# Source: https://sourceware.org/git/?p=glibc.git;a=patch;h=87bd4186da10371f46e2f1a7bf7c0a45bb04f1ac
+# Modified: removed Changelog and NEWS from patch to apply across multiple revisions
+# Upstream status: backport
+#
+# 2017-09-05 jsmoeller@linuxfoundation.org
+
+From 87bd4186da10371f46e2f1a7bf7c0a45bb04f1ac Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 19 Jun 2017 18:33:26 +0200
+Subject: [PATCH] CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1
+ programs [BZ #21624]
+
+LD_LIBRARY_PATH can only be used to reorder system search paths, which
+is not useful functionality.
+
+This makes an exploitable unbounded alloca in _dl_init_paths unreachable
+for AT_SECURE=1 programs.
+
+(cherry picked from commit f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d)
+---
+ ChangeLog | 7 +++++++
+ NEWS | 1 +
+ elf/rtld.c | 3 ++-
+ 3 files changed, 10 insertions(+), 1 deletion(-)
+
+# removed to apply on older version ...
+#
+#diff --git a/ChangeLog b/ChangeLog
+#index 1795e28..e37f14f 100644
+#--- a/ChangeLog
+#+++ b/ChangeLog
+#@@ -1,3 +1,10 @@
+#+2017-06-19 Florian Weimer <fweimer@redhat.com>
+#+
+#+ [BZ #21624]
+#+ CVE-2017-1000366
+#+ * elf/rtld.c (process_envvars): Ignore LD_LIBRARY_PATH for
+#+ __libc_enable_secure.
+#+
+# 2017-02-01 Andreas Schwab <schwab@linux-m68k.org>
+#
+# * sysdeps/m68k/m680x0/m68020/atomic-machine.h
+#diff --git a/NEWS b/NEWS
+#index 82a718f..d42af91 100644
+#--- a/NEWS
+#+++ b/NEWS
+#@@ -25,6 +25,7 @@ The following bugs are resolved with this release:
+#
+# [21289] Fix symbol redirect for fts_set
+# [21386] Assertion in fork for distinct parent PID is incorrect
+#+ [21624] Unsafe alloca allows local attackers to alias stack and heap (CVE-2017-1000366)
+#
+# Version 2.24
+#
+diff --git a/elf/rtld.c b/elf/rtld.c
+index 647661c..215a9ae 100644
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -2437,7 +2437,8 @@ process_envvars (enum mode *modep)
+
+ case 12:
+ /* The library search path. */
+- if (memcmp (envline, "LIBRARY_PATH", 12) == 0)
++ if (!__libc_enable_secure
++ && memcmp (envline, "LIBRARY_PATH", 12) == 0)
+ {
+ library_path = &envline[13];
+ break;
+--
+2.9.3
+
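Review bot: The provenance header at the top of the new patch file is free-form (`# Upstream status: backport`), so it is worth writing it in the tag form the OpenEmbedded patch guidelines use, `Upstream-Status: Backport [<upstream commit URL>]` plus `CVE: CVE-2017-1000366`, so that patch-status and CVE tracking do not depend on the file name alone. The embedded diffstat still lists ChangeLog and NEWS as changed while their hunks are only commented out with `#`; deleting those sections and the stale diffstat lines would leave a patch that touches elf/rtld.c only and is easier to audit. The guard added in `process_envvars` matches the quoted upstream subject, but by the commit message's own wording it only makes the unbounded alloca in `_dl_init_paths` unreachable for AT_SECURE=1 programs. Upstream, as far as I recall, shipped this change together with separate length checks on LD_PRELOAD and LD_AUDIT path elements, so please confirm those are carried elsewhere in the layer or record in the header why they are not needed for this glibc version.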