[Bug libc/16917] New: libc6: ptsname_r() can use uninitialized memory

[Bug libc/16917] New: libc6: ptsname_r() can use uninitialized memory

[aurelien at aurel32 dot net]

https://sourceware.org/bugzilla/show_bug.cgi?id=16917

            Bug ID: 16917
           Summary: libc6: ptsname_r() can use uninitialized memory
           Product: glibc
           Version: 2.13
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
          Assignee: aurelien at aurel32 dot net
          Reporter: aurelien at aurel32 dot net
                CC: drepper.fsp at gmail dot com

If the fd refers to a terminal device, but not a pty master, the TIOCGPTN ioctl
returns with ENOTTY. This error is not caught, and the possibly undefined
buffer passed to ptsname_r is sent directly to the stat64 syscall.

For more details, see ttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741482

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug libc/16917] libc6: ptsname_r() can use uninitialized memory

[cvs-commit at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=16917

--- Comment #1 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  d16e6ec7ca2c861ba681e3a2fbd431725774292e (commit)
       via  d0583c403952630c534b0605ff7d69af5ec473cc (commit)
      from  c0c08d02c82275353f5c556f935a1a01714d9d7f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d16e6ec7ca2c861ba681e3a2fbd431725774292e

commit d16e6ec7ca2c861ba681e3a2fbd431725774292e
Author: Aurelien Jarno <aurelien@aurel32.net>
Date:   Fri May 16 00:04:41 2014 +0200

    SPARC: add prlimit and prlimit64 in <bits/resource.h> (BZ #16943)

    prlimit and prlimit64 have been added in the main <bits/resource.h>, but
    not in the SPARC specific version. Fix that.

    Note: this is Debian bug#703559, reported by Emilio Pozuelo Monfort
    <pochu@debian.org>

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d0583c403952630c534b0605ff7d69af5ec473cc

commit d0583c403952630c534b0605ff7d69af5ec473cc
Author: Aurelien Jarno <aurelien@aurel32.net>
Date:   Fri May 16 00:03:37 2014 +0200

    ptsname_r: don't leak uninitialized memory (BZ #16917)

    If the fd refers to a terminal device, but not a pty master, the
    TIOCGPTN ioctl returns with ENOTTY. This error is not caught, and the
    possibly undefined buffer passed to ptsname_r is sent directly to the
    stat64 syscall.

    Fix this by using a fallback to the old method only if the TIOCGPTN
    ioctl fails with EINVAL. This also fix the return value in that specific
    case (it return ENOENT without this patch).

    Also add tests to the ptsname_r function (and ptsname at the same time).

    Note: this is Debian bug#741482, reported by Jakub Wilk <jwilk@debian.org>

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                                     |   13 +++
 NEWS                                          |    2 +-
 login/Makefile                                |    2 +-
 login/tst-ptsname.c                           |  108 +++++++++++++++++++++++++
 sysdeps/unix/sysv/linux/ptsname.c             |    4 +-
 sysdeps/unix/sysv/linux/sparc/bits/resource.h |   27 ++++++
 6 files changed, 153 insertions(+), 3 deletions(-)
 create mode 100644 login/tst-ptsname.c

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug libc/16917] libc6: ptsname_r() can use uninitialized memory

[aurelien at aurel32 dot net]

https://sourceware.org/bugzilla/show_bug.cgi?id=16917

Aurelien Jarno <aurelien at aurel32 dot net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #2 from Aurelien Jarno <aurelien at aurel32 dot net> ---
Fixed in commit d0583c403952630c534b0605ff7d69af5ec473cc.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug libc/16917] libc6: ptsname_r() can use uninitialized memory

[fweimer at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=16917

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fweimer at redhat dot com
           See Also|                            |http://bugs.debian.org/7414
                   |                            |82
              Flags|                            |security-

-- 
You are receiving this mail because:
You are on the CC list for the bug.