CVE-2016-1234: glob: Do not copy d_name field of struct dirent [BZ #19779]

Instead, we store the data we need from the return value of readdir in an object of the new type struct readdir_result. This type is independent of the layout of struct dirent.
author: Florian Weimer <fweimer@redhat.com> 2016-05-04 12:09:35 +0200
committer: Florian Weimer <fweimer@redhat.com> 2016-05-04 12:09:35 +0200
commit: 5171f3079f2cc53e0548fc4967361f4d1ce9d7ea (patch)
tree: 3d23357f6313d2d00017bf641fd61a3dc9459105 /NEWS
parent: 2faba597eca15666ce46cc721041747e96c8b942 (diff)
download: glibc-5171f3079f2cc53e0548fc4967361f4d1ce9d7ea.tar.gz
glibc-5171f3079f2cc53e0548fc4967361f4d1ce9d7ea.tar.xz
glibc-5171f3079f2cc53e0548fc4967361f4d1ce9d7ea.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 1e12173dba..b3fd3cc2ec 100644
--- a/NEWS
+++ b/NEWS
@@ -44,6 +44,10 @@ Security related changes:
   resulting in a stack overflow.  getaddrinfo now uses a heap allocation
   instead.  Reported by Michael Petlan.  (CVE-2016-3706)
 
+* The glob function suffered from a stack-based buffer overflow when it was
+  called with the GLOB_ALTDIRFUNC flag and encountered a long file name.
+  Reported by Alexander Cherepanov.  (CVE-2016-1234)
+
 The following bugs are resolved with this release:
 
   [The release manager will add the list generated by
author	Florian Weimer <fweimer@redhat.com>	2016-05-04 12:09:35 +0200
committer	Florian Weimer <fweimer@redhat.com>	2016-05-04 12:09:35 +0200
commit	5171f3079f2cc53e0548fc4967361f4d1ce9d7ea (patch)
tree	3d23357f6313d2d00017bf641fd61a3dc9459105 /NEWS
parent	2faba597eca15666ce46cc721041747e96c8b942 (diff)
download	glibc-5171f3079f2cc53e0548fc4967361f4d1ce9d7ea.tar.gz glibc-5171f3079f2cc53e0548fc4967361f4d1ce9d7ea.tar.xz glibc-5171f3079f2cc53e0548fc4967361f4d1ce9d7ea.zip