mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-28 15:22:18 -05:00
28 lines
819 B
Diff
28 lines
819 B
Diff
|
Fix CVE-2017-15670:
|
||
|
|
||
|
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15670
|
||
|
https://sourceware.org/bugzilla/show_bug.cgi?id=22320
|
||
|
https://bugzilla.redhat.com/show_bug.cgi?id=1504804
|
||
|
|
||
|
And CVE-2017-15671:
|
||
|
|
||
|
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671
|
||
|
https://sourceware.org/bugzilla/show_bug.cgi?id=22325
|
||
|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15671
|
||
|
|
||
|
Copied from upstream:
|
||
|
<https://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=2d1bd71ec70a31b01d01b734faa66bb1ed28961f>
|
||
|
|
||
|
diff --git a/posix/glob.c b/posix/glob.c
|
||
|
--- a/posix/glob.c
|
||
|
+++ b/posix/glob.c
|
||
|
@@ -843,7 +843,7 @@
|
||
|
*p = '\0';
|
||
|
}
|
||
|
else
|
||
|
- *((char *) mempcpy (newp, dirname + 1, end_name - dirname))
|
||
|
+ *((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1))
|
||
|
= '\0';
|
||
|
user_name = newp;
|
||
|
}
|