1fbbeff0c1
Fixes CVE-2014-8121, CVE-2015-1781 and two unnumbered problems (apparently). All these commits should be contained in the 2.22 release, but we don't want that yet due to unresolved locale incompatibilites.
54 lines
1.4 KiB
Diff
54 lines
1.4 KiB
Diff
From 4a28f4d55a6cc33474c0792fe93b5942d81bf185 Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schwab <schwab@suse.de>
|
|
Date: Thu, 26 Feb 2015 14:55:24 +0100
|
|
Subject: [PATCH] Fix read past end of pattern in fnmatch (bug 18032)
|
|
|
|
---
|
|
ChangeLog | 7 +++++++
|
|
NEWS | 2 +-
|
|
posix/fnmatch_loop.c | 5 ++---
|
|
posix/tst-fnmatch3.c | 8 +++++---
|
|
4 files changed, 15 insertions(+), 7 deletions(-)
|
|
|
|
diff --git a/posix/fnmatch_loop.c b/posix/fnmatch_loop.c
|
|
index c0cb2fc..72c5d8f 100644
|
|
--- a/posix/fnmatch_loop.c
|
|
+++ b/posix/fnmatch_loop.c
|
|
@@ -945,14 +945,13 @@ FCT (pattern, string, string_end, no_leading_period, flags, ends, alloca_used)
|
|
}
|
|
else if (c == L('[') && *p == L('.'))
|
|
{
|
|
- ++p;
|
|
while (1)
|
|
{
|
|
c = *++p;
|
|
- if (c == '\0')
|
|
+ if (c == L('\0'))
|
|
return FNM_NOMATCH;
|
|
|
|
- if (*p == L('.') && p[1] == L(']'))
|
|
+ if (c == L('.') && p[1] == L(']'))
|
|
break;
|
|
}
|
|
p += 2;
|
|
diff --git a/posix/tst-fnmatch3.c b/posix/tst-fnmatch3.c
|
|
index d27a557..75bc00a 100644
|
|
--- a/posix/tst-fnmatch3.c
|
|
+++ b/posix/tst-fnmatch3.c
|
|
@@ -21,9 +21,11 @@
|
|
int
|
|
do_test (void)
|
|
{
|
|
- const char *pattern = "[[:alpha:]'[:alpha:]\0]";
|
|
-
|
|
- return fnmatch (pattern, "a", 0) != FNM_NOMATCH;
|
|
+ if (fnmatch ("[[:alpha:]'[:alpha:]\0]", "a", 0) != FNM_NOMATCH)
|
|
+ return 1;
|
|
+ if (fnmatch ("[a[.\0.]]", "a", 0) != FNM_NOMATCH)
|
|
+ return 1;
|
|
+ return 0;
|
|
}
|
|
|
|
#define TEST_FUNCTION do_test ()
|
|
|