forked from rpms/glibc
db9712052c
* Mon Jan 24 2022 Florian Weimer <fweimer@redhat.com> - 2.34-21 - Sync with upstream branch release/2.34/master, commit 3438bbca90895d32825a52e31a77dc44d273c1c1: - Linux: Detect user namespace support in io/tst-getcwd-smallbuff - realpath: Avoid overwriting preexisting error - CVE-2021-3999: getcwd: Set errno to ERANGE for size == 1 - tst-realpath-toolong: Fix hurd build - CVE-2021-3998: realpath: ENAMETOOLONG for result larger than PATH_MAX - stdlib: Fix formatting of tests list in Makefile - stdlib: Sort tests in Makefile - support: Add helpers to create paths longer than PATH_MAX - powerpc: Fix unrecognized instruction errors with recent binutils - x86: use default cache size if it cannot be determined [BZ #28784] - CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bug 28768) - sunrpc: Test case for clnt_create "unix" buffer overflow (bug 22542) - CVE-2022-23219: Buffer overflow in sunrpc clnt_create for "unix" (bug 22542) - socket: Add the __sockaddr_un_set function - Disable debuginfod in printer tests [BZ #28757] - Update syscall lists for Linux 5.16 Resolves: #2032279 Resolves: #2032276
29 lines
907 B
Diff
29 lines
907 B
Diff
commit d084965adc7baa8ea804427cccf973cea556d697
|
|
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
|
|
Date: Mon Jan 24 21:36:41 2022 +0530
|
|
|
|
realpath: Avoid overwriting preexisting error (CVE-2021-3998)
|
|
|
|
Set errno and failure for paths that are too long only if no other error
|
|
occurred earlier.
|
|
|
|
Related: BZ #28770
|
|
|
|
Reviewed-by: Andreas Schwab <schwab@linux-m68k.org>
|
|
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
|
|
(cherry picked from commit 84d2d0fe20bdf94feed82b21b4d7d136db471f03)
|
|
|
|
diff --git a/stdlib/canonicalize.c b/stdlib/canonicalize.c
|
|
index 7a23a51b3a395eb3..e2d4244fc7b8fa25 100644
|
|
--- a/stdlib/canonicalize.c
|
|
+++ b/stdlib/canonicalize.c
|
|
@@ -404,7 +404,7 @@ error:
|
|
{
|
|
if (dest - rname <= get_path_max ())
|
|
rname = strcpy (resolved, rname);
|
|
- else
|
|
+ else if (!failed)
|
|
{
|
|
failed = true;
|
|
__set_errno (ENAMETOOLONG);
|