Gecko [ v99win.today ]

Name	Size	Permission
CVE-2023-4806-pre1.patch	1.7 KB	-rw-r--r--
CVE-2023-4806-pre10.patch	5.45 KB	-rw-r--r--
CVE-2023-4806-pre11.patch	5.99 KB	-rw-r--r--
CVE-2023-4806-pre12.patch	1.31 KB	-rw-r--r--
CVE-2023-4806-pre2.patch	7.2 KB	-rw-r--r--
CVE-2023-4806-pre3.patch	2.93 KB	-rw-r--r--
CVE-2023-4806-pre4.patch	8.29 KB	-rw-r--r--
CVE-2023-4806-pre5.patch	31.86 KB	-rw-r--r--
CVE-2023-4806-pre6.patch	4.75 KB	-rw-r--r--
CVE-2023-4806-pre7.patch	9.25 KB	-rw-r--r--
CVE-2023-4806-pre8.patch	19.66 KB	-rw-r--r--
CVE-2023-4806-pre9.patch	5.16 KB	-rw-r--r--
CVE-2023-4806.patch	12.16 KB	-rw-r--r--
CVE-2023-4813.patch	25.4 KB	-rw-r--r--
CVE-2023-4911.patch	2 KB	-rw-r--r--
CVE-2023-5156.patch	3.19 KB	-rw-r--r--
CVE-2024-2961.patch	6.92 KB	-rw-r--r--
CVE-2025-0395.patch	2.16 KB	-rw-r--r--
CVE-2025-4802.patch	2.44 KB	-rw-r--r--
git-surplus-tls-accounting.dif...	40.23 KB	-rw-r--r--
local-asserth-decls.diff	1.13 KB	-rw-r--r--
local-bindresvport_blacklist.d...	3.31 KB	-rw-r--r--
local-bootstrap-headers.diff	3.17 KB	-rw-r--r--
local-disable-libnss-db.diff	478 B	-rw-r--r--
local-fhs-linux-paths.diff	1 KB	-rw-r--r--
local-fhs-nscd.diff	855 B	-rw-r--r--
local-ld-multiarch.diff	1.32 KB	-rw-r--r--
local-ldconfig-ignore-ld.so.di...	1.47 KB	-rw-r--r--
local-ldconfig-multiarch.diff	1.51 KB	-rw-r--r--
local-ldso-disable-hwcap.diff	3.71 KB	-rw-r--r--
local-nss-overflow.diff	1.93 KB	-rw-r--r--
local-nss-upgrade.diff	956 B	-rw-r--r--
local-revert-bz13979.diff	1.43 KB	-rw-r--r--
local-stubs_h.diff	432 B	-rw-r--r--
local-tcsetaddr.diff	2.83 KB	-rw-r--r--
local-test-install.diff	612 B	-rw-r--r--
submitted-bits-fcntl_h-at.diff	5.08 KB	-rw-r--r--
submitted-ld.so-cache-new-form...	2.27 KB	-rw-r--r--
submitted-missing-etc-hosts.di...	306 B	-rw-r--r--
submitted-nptl-invalid-td.patc...	883 B	-rw-r--r--
submitted-resolv-unaligned.dif...	3.04 KB	-rw-r--r--
unsubmitted-ldso-machine-misma...	444 B	-rw-r--r--

Name

Size

Permission

Action

CVE-2023-4806-pre1.patch

1.7 KB

-rw-r--r--

CVE-2023-4806-pre10.patch

5.45 KB

-rw-r--r--

CVE-2023-4806-pre11.patch

5.99 KB

-rw-r--r--

CVE-2023-4806-pre12.patch

1.31 KB

-rw-r--r--

CVE-2023-4806-pre2.patch

7.2 KB

-rw-r--r--

CVE-2023-4806-pre3.patch

2.93 KB

-rw-r--r--

CVE-2023-4806-pre4.patch

8.29 KB

-rw-r--r--

CVE-2023-4806-pre5.patch

31.86 KB

-rw-r--r--

CVE-2023-4806-pre6.patch

4.75 KB

-rw-r--r--

CVE-2023-4806-pre7.patch

9.25 KB

-rw-r--r--

CVE-2023-4806-pre8.patch

19.66 KB

-rw-r--r--

CVE-2023-4806-pre9.patch

5.16 KB

-rw-r--r--

CVE-2023-4806.patch

12.16 KB

-rw-r--r--

CVE-2023-4813.patch

25.4 KB

-rw-r--r--

CVE-2023-4911.patch

2 KB

-rw-r--r--

CVE-2023-5156.patch

3.19 KB

-rw-r--r--

CVE-2024-2961.patch

6.92 KB

-rw-r--r--

CVE-2025-0395.patch

2.16 KB

-rw-r--r--

CVE-2025-4802.patch

2.44 KB

-rw-r--r--

git-surplus-tls-accounting.dif...

40.23 KB

-rw-r--r--

local-asserth-decls.diff

1.13 KB

-rw-r--r--

local-bindresvport_blacklist.d...

3.31 KB

-rw-r--r--

local-bootstrap-headers.diff

3.17 KB

-rw-r--r--

local-disable-libnss-db.diff

478 B

-rw-r--r--

local-fhs-linux-paths.diff

1 KB

-rw-r--r--

local-fhs-nscd.diff

855 B

-rw-r--r--

local-ld-multiarch.diff

1.32 KB

-rw-r--r--

local-ldconfig-ignore-ld.so.di...

1.47 KB

-rw-r--r--

local-ldconfig-multiarch.diff

1.51 KB

-rw-r--r--

local-ldso-disable-hwcap.diff

3.71 KB

-rw-r--r--

local-nss-overflow.diff

1.93 KB

-rw-r--r--

local-nss-upgrade.diff

956 B

-rw-r--r--

local-revert-bz13979.diff

1.43 KB

-rw-r--r--

local-stubs_h.diff

432 B

-rw-r--r--

local-tcsetaddr.diff

2.83 KB

-rw-r--r--

local-test-install.diff

612 B

-rw-r--r--

submitted-bits-fcntl_h-at.diff

5.08 KB

-rw-r--r--

submitted-ld.so-cache-new-form...

2.27 KB

-rw-r--r--

submitted-missing-etc-hosts.di...

306 B

-rw-r--r--

submitted-nptl-invalid-td.patc...

883 B

-rw-r--r--

submitted-resolv-unaligned.dif...

3.04 KB

-rw-r--r--

unsubmitted-ldso-machine-misma...

444 B

-rw-r--r--

Code Editor : CVE-2023-4911.patch

Updated: 2023-09-29 (to work-around toolchain issue)

From d2b77337f734fcacdfc8e0ddec14cf31a746c7be Mon Sep 17 00:00:00 2001
From: Siddhesh Poyarekar <siddhesh@redhat.com>
Date: Mon, 11 Sep 2023 18:53:15 -0400
Subject: [PATCH v2] tunables: Terminate immediately if end of input is reached

The string parsing routine may end up writing beyond bounds of tunestr
if the input tunable string is malformed, of the form name=name=val.
This gets processed twice, first as name=name=val and next as name=val,
resulting in tunestr being name=name=val:name=val, thus overflowing
tunestr.

Terminate the parsing loop at the first instance itself so that tunestr
does not overflow.
---
Changes from v1:

- Also null-terminate tunestr before exiting.

elf/dl-tunables.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

--- a/elf/dl-tunables.c
+++ b/elf/dl-tunables.c
@@ -166,7 +166,7 @@ __tunable_set_val (tunable_id_t id, tuna
    environment variable value for GLIBC_TUNABLES.  VALSTRING is the original
    environment variable string which we use to make NULL terminated values so
    that we don't have to allocate memory again for it.  */
-static void
+__attribute__ ((noinline)) static void
 parse_tunables (char *tunestr, char *valstring)
 {
   if (tunestr == NULL || *tunestr == '\0')
@@ -187,11 +187,7 @@ parse_tunables (char *tunestr, char *val
       /* If we reach the end of the string before getting a valid name-value
 	 pair, bail out.  */
       if (p[len] == '\0')
-	{
-	  if (__libc_enable_secure)
-	    tunestr[off] = '\0';
-	  return;
-	}
+	break;
 
       /* We did not find a valid name-value pair before encountering the
 	 colon.  */
@@ -251,9 +247,16 @@ parse_tunables (char *tunestr, char *val
 	    }
 	}
 
-      if (p[len] != '\0')
-	p += len + 1;
+      /* We reached the end while processing the tunable string.  */
+      if (p[len] == '\0')
+	break;
+
+      p += len + 1;
     }
+
+  /* Terminate tunestr before we leave.  */
+  if (__libc_enable_secure)
+    tunestr[off] = '\0';
 }
 #endif

${this.title}

Code Editor : CVE-2023-4911.patch