You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
26 lines
792 B
26 lines
792 B
commit a159b53fa059947cc2548e3b0d5bdcf7b9630ba8 |
|
Author: Paul Eggert <eggert@cs.ucla.edu> |
|
Date: Sun Oct 22 10:00:57 2017 +0200 |
|
|
|
glob: Fix buffer overflow during GLOB_TILDE unescaping [BZ #22332] |
|
|
|
CVE-2017-15804 was assigned to this issue after commit. |
|
|
|
diff --git a/posix/glob.c b/posix/glob.c |
|
index 15cf3d5cccab0ee0..e09314712d68c1b8 100644 |
|
--- a/posix/glob.c |
|
+++ b/posix/glob.c |
|
@@ -806,11 +806,11 @@ glob (pattern, flags, errfunc, pglob) |
|
char *p = mempcpy (newp, dirname + 1, |
|
unescape - dirname - 1); |
|
char *q = unescape; |
|
- while (*q != '\0') |
|
+ while (q != end_name) |
|
{ |
|
if (*q == '\\') |
|
{ |
|
- if (q[1] == '\0') |
|
+ if (q + 1 == end_name) |
|
{ |
|
/* "~fo\\o\\" unescape to user_name "foo\\", |
|
but "~fo\\o\\/" unescape to user_name
|
|
|