unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
blob 029b4ddbd74d1f04f4948986654360d8a1c2b9b2 823 bytes (raw)
name: patches/glibc-CVE-2019-9169.patch 	 # note: path name is non-authoritative(*)
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22

 
Fix <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169>.

Taken from this upstream commit, sans ChangeLog updates:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=583dd860d5b833037175247230a328f0050dbfe9

diff --git a/posix/regexec.c b/posix/regexec.c
index 91d5a797b8..084b1222d9 100644
--- a/posix/regexec.c
+++ b/posix/regexec.c
@@ -1293,8 +1293,10 @@ proceed_next_node (const re_match_context_t *mctx, Idx nregs, regmatch_t *regs,
 	      else if (naccepted)
 		{
 		  char *buf = (char *) re_string_get_buffer (&mctx->input);
-		  if (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
-			      naccepted) != 0)
+		  if (mctx->input.valid_len - *pidx < naccepted
+		      || (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
+				  naccepted)
+			  != 0))
 		    return -1;
 		}
 	    }

debug log:

solving 029b4ddbd74d1f04f4948986654360d8a1c2b9b2 ...
found 029b4ddbd74d1f04f4948986654360d8a1c2b9b2 in https://git.savannah.gnu.org/cgit/guix.git

(*) Git path names are given by the tree(s) the blob belongs to.
    Blobs themselves have no identifier aside from the hash of its contents.^
Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).