diff options
| author | Florian Weimer <fweimer@redhat.com> | 2013-08-16 09:38:52 +0200 |
|---|---|---|
| committer | Florian Weimer <fweimer@redhat.com> | 2013-08-16 09:40:34 +0200 |
| commit | 91ce40854d0b7f865cf5024ef95a8026b76096f3 (patch) | |
| tree | 268277f390b889cc857152d268242bd603036b9e /NEWS | |
| parent | ca0a6bc4c5c53aa6c4a735c36336408a06b8cd89 (diff) | |
| download | glibc-91ce40854d0b7f865cf5024ef95a8026b76096f3.zip glibc-91ce40854d0b7f865cf5024ef95a8026b76096f3.tar.gz glibc-91ce40854d0b7f865cf5024ef95a8026b76096f3.tar.bz2 | |
CVE-2013-4237, BZ #14699: Buffer overflow in readdir_r
* sysdeps/posix/dirstream.h (struct __dirstream): Add errcode
member.
* sysdeps/posix/opendir.c (__alloc_dir): Initialize errcode
member.
* sysdeps/posix/rewinddir.c (rewinddir): Reset errcode member.
* sysdeps/posix/readdir_r.c (__READDIR_R): Enforce NAME_MAX limit.
Return delayed error code. Remove GETDENTS_64BIT_ALIGNED
conditional.
* sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c: Do not define
GETDENTS_64BIT_ALIGNED.
* sysdeps/unix/sysv/linux/i386/readdir64_r.c: Likewise.
* manual/filesys.texi (Reading/Closing Directory): Document
ENAMETOOLONG return value of readdir_r. Recommend readdir more
strongly.
* manual/conf.texi (Limits for Files): Add portability note to
NAME_MAX, PATH_MAX.
(Pathconf): Add portability note for _PC_NAME_MAX, _PC_PATH_MAX.
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 7 |
1 files changed, 6 insertions, 1 deletions
@@ -9,7 +9,12 @@ Version 2.19 * The following bugs are resolved with this release: - 15749 + 14699, 15749 + +* CVE-2013-4237 The readdir_r function could write more than NAME_MAX bytes + to the d_name member of struct dirent, or omit the terminating NUL + character. (Bugzilla #14699). + Version 2.18 |