public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug libc/16917] New: libc6: ptsname_r() can use uninitialized memory
@ 2014-05-06 21:45 aurelien at aurel32 dot net
2014-05-15 22:08 ` [Bug libc/16917] " cvs-commit at gcc dot gnu.org
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: aurelien at aurel32 dot net @ 2014-05-06 21:45 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16917
Bug ID: 16917
Summary: libc6: ptsname_r() can use uninitialized memory
Product: glibc
Version: 2.13
Status: NEW
Severity: normal
Priority: P2
Component: libc
Assignee: aurelien at aurel32 dot net
Reporter: aurelien at aurel32 dot net
CC: drepper.fsp at gmail dot com
If the fd refers to a terminal device, but not a pty master, the TIOCGPTN ioctl
returns with ENOTTY. This error is not caught, and the possibly undefined
buffer passed to ptsname_r is sent directly to the stat64 syscall.
For more details, see ttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741482
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug libc/16917] libc6: ptsname_r() can use uninitialized memory
2014-05-06 21:45 [Bug libc/16917] New: libc6: ptsname_r() can use uninitialized memory aurelien at aurel32 dot net
@ 2014-05-15 22:08 ` cvs-commit at gcc dot gnu.org
2014-05-15 22:59 ` aurelien at aurel32 dot net
2014-06-12 19:24 ` fweimer at redhat dot com
2 siblings, 0 replies; 4+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2014-05-15 22:08 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16917
--- Comment #1 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via d16e6ec7ca2c861ba681e3a2fbd431725774292e (commit)
via d0583c403952630c534b0605ff7d69af5ec473cc (commit)
from c0c08d02c82275353f5c556f935a1a01714d9d7f (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d16e6ec7ca2c861ba681e3a2fbd431725774292e
commit d16e6ec7ca2c861ba681e3a2fbd431725774292e
Author: Aurelien Jarno <aurelien@aurel32.net>
Date: Fri May 16 00:04:41 2014 +0200
SPARC: add prlimit and prlimit64 in <bits/resource.h> (BZ #16943)
prlimit and prlimit64 have been added in the main <bits/resource.h>, but
not in the SPARC specific version. Fix that.
Note: this is Debian bug#703559, reported by Emilio Pozuelo Monfort
<pochu@debian.org>
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d0583c403952630c534b0605ff7d69af5ec473cc
commit d0583c403952630c534b0605ff7d69af5ec473cc
Author: Aurelien Jarno <aurelien@aurel32.net>
Date: Fri May 16 00:03:37 2014 +0200
ptsname_r: don't leak uninitialized memory (BZ #16917)
If the fd refers to a terminal device, but not a pty master, the
TIOCGPTN ioctl returns with ENOTTY. This error is not caught, and the
possibly undefined buffer passed to ptsname_r is sent directly to the
stat64 syscall.
Fix this by using a fallback to the old method only if the TIOCGPTN
ioctl fails with EINVAL. This also fix the return value in that specific
case (it return ENOENT without this patch).
Also add tests to the ptsname_r function (and ptsname at the same time).
Note: this is Debian bug#741482, reported by Jakub Wilk <jwilk@debian.org>
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 13 +++
NEWS | 2 +-
login/Makefile | 2 +-
login/tst-ptsname.c | 108 +++++++++++++++++++++++++
sysdeps/unix/sysv/linux/ptsname.c | 4 +-
sysdeps/unix/sysv/linux/sparc/bits/resource.h | 27 ++++++
6 files changed, 153 insertions(+), 3 deletions(-)
create mode 100644 login/tst-ptsname.c
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug libc/16917] libc6: ptsname_r() can use uninitialized memory
2014-05-06 21:45 [Bug libc/16917] New: libc6: ptsname_r() can use uninitialized memory aurelien at aurel32 dot net
2014-05-15 22:08 ` [Bug libc/16917] " cvs-commit at gcc dot gnu.org
@ 2014-05-15 22:59 ` aurelien at aurel32 dot net
2014-06-12 19:24 ` fweimer at redhat dot com
2 siblings, 0 replies; 4+ messages in thread
From: aurelien at aurel32 dot net @ 2014-05-15 22:59 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16917
Aurelien Jarno <aurelien at aurel32 dot net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #2 from Aurelien Jarno <aurelien at aurel32 dot net> ---
Fixed in commit d0583c403952630c534b0605ff7d69af5ec473cc.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug libc/16917] libc6: ptsname_r() can use uninitialized memory
2014-05-06 21:45 [Bug libc/16917] New: libc6: ptsname_r() can use uninitialized memory aurelien at aurel32 dot net
2014-05-15 22:08 ` [Bug libc/16917] " cvs-commit at gcc dot gnu.org
2014-05-15 22:59 ` aurelien at aurel32 dot net
@ 2014-06-12 19:24 ` fweimer at redhat dot com
2 siblings, 0 replies; 4+ messages in thread
From: fweimer at redhat dot com @ 2014-06-12 19:24 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16917
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fweimer at redhat dot com
See Also| |http://bugs.debian.org/7414
| |82
Flags| |security-
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2014-06-12 19:24 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-05-06 21:45 [Bug libc/16917] New: libc6: ptsname_r() can use uninitialized memory aurelien at aurel32 dot net
2014-05-15 22:08 ` [Bug libc/16917] " cvs-commit at gcc dot gnu.org
2014-05-15 22:59 ` aurelien at aurel32 dot net
2014-06-12 19:24 ` fweimer at redhat dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).