Submitted By: Xi Ruoyao Date: 2023-10-03 Initial Package Version: 2.34 Upstream Status: Committed Origin: Upstream commit dcc367f148bc Description: Fixes a security vulnerability in Glibc-2.34, 2.35, 2.36, and 2.37 as shipped by LFS 11.0, 11.1, 11.2, and 11.3. This vulnerability is trivially exploitable and allows local privilege escalation. X-Git-Url: https://sourceware.org/git/?p=glibc.git;a=blobdiff_plain;f=elf%2Fdl-tunables.c;h=837474b5044cb5d75a7810a645923aacbc5cc5a9;hp=8009e54ee5db32beb228e69b05352e80c809c42c;hb=dcc367f148bc92e7f3778a125f7a416b093964d9;hpb=c3b99f8328939533a9b6ac93e8ae7285e90fbdab diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c index 8009e54ee5..837474b504 100644 --- a/elf/dl-tunables.c +++ b/elf/dl-tunables.c @@ -188,11 +188,7 @@ parse_tunables (char *tunestr, char *valstring) /* If we reach the end of the string before getting a valid name-value pair, bail out. */ if (p[len] == '\0') - { - if (__libc_enable_secure) - tunestr[off] = '\0'; - return; - } + break; /* We did not find a valid name-value pair before encountering the colon. */ @@ -252,9 +248,16 @@ parse_tunables (char *tunestr, char *valstring) } } - if (p[len] != '\0') - p += len + 1; + /* We reached the end while processing the tunable string. */ + if (p[len] == '\0') + break; + + p += len + 1; } + + /* Terminate tunestr before we leave. */ + if (__libc_enable_secure) + tunestr[off] = '\0'; } #endif