forked from pool/glibc
Andreas Schwab
dc304305df
- getcwd-absolute.patch: make getcwd(3) fail if it cannot obtain an absolute path (CVE-2018-1000001, bsc#1074293, BZ #22679) - dl-init-paths-overflow.patch: Count components of the expanded path in _dl_init_path (CVE-2017-1000408, CVE-2017-1000409, bsc#1071319, BZ #22607, BZ #22627) - fillin-rpath-empty-tokens.patch: Check for empty tokens before dynamic string token expansion (CVE-2017-16997, bsc#1073231, BZ #22625) OBS-URL: https://build.opensuse.org/request/show/568213 OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=488
35 lines
1.2 KiB
Diff
35 lines
1.2 KiB
Diff
2018-01-12 Dmitry V. Levin <ldv@altlinux.org>
|
|
|
|
[BZ #22679]
|
|
CVE-2018-1000001
|
|
* sysdeps/unix/sysv/linux/getcwd.c (__getcwd): Fall back to
|
|
generic_getcwd if the path returned by getcwd syscall is not absolute.
|
|
|
|
Index: glibc-2.26/sysdeps/unix/sysv/linux/getcwd.c
|
|
===================================================================
|
|
--- glibc-2.26.orig/sysdeps/unix/sysv/linux/getcwd.c
|
|
+++ glibc-2.26/sysdeps/unix/sysv/linux/getcwd.c
|
|
@@ -76,7 +76,7 @@ __getcwd (char *buf, size_t size)
|
|
int retval;
|
|
|
|
retval = INLINE_SYSCALL (getcwd, 2, path, alloc_size);
|
|
- if (retval >= 0)
|
|
+ if (retval > 0 && path[0] == '/')
|
|
{
|
|
#ifndef NO_ALLOCATION
|
|
if (buf == NULL && size == 0)
|
|
@@ -92,10 +92,10 @@ __getcwd (char *buf, size_t size)
|
|
return buf;
|
|
}
|
|
|
|
- /* The system call cannot handle paths longer than a page.
|
|
- Neither can the magic symlink in /proc/self. Just use the
|
|
+ /* The system call either cannot handle paths longer than a page
|
|
+ or can succeed without returning an absolute path. Just use the
|
|
generic implementation right away. */
|
|
- if (errno == ENAMETOOLONG)
|
|
+ if (retval >= 0 || errno == ENAMETOOLONG)
|
|
{
|
|
#ifndef NO_ALLOCATION
|
|
if (buf == NULL && size == 0)
|