aboutsummaryrefslogtreecommitdiffstats
path: root/meta-agl-bsp/meta-core/recipes-core/glibc/files/CVE-2017-1000366.backport.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta-agl-bsp/meta-core/recipes-core/glibc/files/CVE-2017-1000366.backport.patch')
-rw-r--r--meta-agl-bsp/meta-core/recipes-core/glibc/files/CVE-2017-1000366.backport.patch71
1 files changed, 71 insertions, 0 deletions
diff --git a/meta-agl-bsp/meta-core/recipes-core/glibc/files/CVE-2017-1000366.backport.patch b/meta-agl-bsp/meta-core/recipes-core/glibc/files/CVE-2017-1000366.backport.patch
new file mode 100644
index 000000000..8ce5ca2bc
--- /dev/null
+++ b/meta-agl-bsp/meta-core/recipes-core/glibc/files/CVE-2017-1000366.backport.patch
@@ -0,0 +1,71 @@
+# Source: https://sourceware.org/git/?p=glibc.git;a=patch;h=87bd4186da10371f46e2f1a7bf7c0a45bb04f1ac
+# Modified: removed Changelog and NEWS from patch to apply across multiple revisions
+# Upstream status: backport
+#
+# 2017-09-05 jsmoeller@linuxfoundation.org
+
+From 87bd4186da10371f46e2f1a7bf7c0a45bb04f1ac Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 19 Jun 2017 18:33:26 +0200
+Subject: [PATCH] CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1
+ programs [BZ #21624]
+
+LD_LIBRARY_PATH can only be used to reorder system search paths, which
+is not useful functionality.
+
+This makes an exploitable unbounded alloca in _dl_init_paths unreachable
+for AT_SECURE=1 programs.
+
+(cherry picked from commit f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d)
+---
+ ChangeLog | 7 +++++++
+ NEWS | 1 +
+ elf/rtld.c | 3 ++-
+ 3 files changed, 10 insertions(+), 1 deletion(-)
+
+# removed to apply on older version ...
+#
+#diff --git a/ChangeLog b/ChangeLog
+#index 1795e28..e37f14f 100644
+#--- a/ChangeLog
+#+++ b/ChangeLog
+#@@ -1,3 +1,10 @@
+#+2017-06-19 Florian Weimer <fweimer@redhat.com>
+#+
+#+ [BZ #21624]
+#+ CVE-2017-1000366
+#+ * elf/rtld.c (process_envvars): Ignore LD_LIBRARY_PATH for
+#+ __libc_enable_secure.
+#+
+# 2017-02-01 Andreas Schwab <schwab@linux-m68k.org>
+#
+# * sysdeps/m68k/m680x0/m68020/atomic-machine.h
+#diff --git a/NEWS b/NEWS
+#index 82a718f..d42af91 100644
+#--- a/NEWS
+#+++ b/NEWS
+#@@ -25,6 +25,7 @@ The following bugs are resolved with this release:
+#
+# [21289] Fix symbol redirect for fts_set
+# [21386] Assertion in fork for distinct parent PID is incorrect
+#+ [21624] Unsafe alloca allows local attackers to alias stack and heap (CVE-2017-1000366)
+#
+# Version 2.24
+#
+diff --git a/elf/rtld.c b/elf/rtld.c
+index 647661c..215a9ae 100644
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -2437,7 +2437,8 @@ process_envvars (enum mode *modep)
+
+ case 12:
+ /* The library search path. */
+- if (memcmp (envline, "LIBRARY_PATH", 12) == 0)
++ if (!__libc_enable_secure
++ && memcmp (envline, "LIBRARY_PATH", 12) == 0)
+ {
+ library_path = &envline[13];
+ break;
+--
+2.9.3
+