mirror of
https://git.yoctoproject.org/poky
synced 2026-01-29 21:08:42 +01:00
6152ee6778
Pick patches per [1]. [1] https://security-tracker.debian.org/tracker/CVE-2025-14104 (From OE-Core rev: 0dee49ec49c341235863ec75fc80619e70dfd836) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Paul Barker <paul@pbarker.dev> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
29 lines
872 B
Diff
29 lines
872 B
Diff
From 9a36d77012c4c771f8d51eba46b6e62c29bf572a Mon Sep 17 00:00:00 2001
|
|
From: Mohamed Maatallah <hotelsmaatallahrecemail@gmail.com>
|
|
Date: Mon, 26 May 2025 10:06:02 +0100
|
|
Subject: [PATCH] Update bufflen
|
|
|
|
Update buflen
|
|
|
|
CVE: CVE-2025-14104
|
|
Upstream-Status: Backport [https://github.com/util-linux/util-linux/commit/9a36d77012c4c771f8d51eba46b6e62c29bf572a]
|
|
Signed-off-by: Peter Marko <peter.marko@siemens.com>
|
|
---
|
|
login-utils/setpwnam.c | 3 ++-
|
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/login-utils/setpwnam.c b/login-utils/setpwnam.c
|
|
index 95e470b5a..7778e98f7 100644
|
|
--- a/login-utils/setpwnam.c
|
|
+++ b/login-utils/setpwnam.c
|
|
@@ -99,7 +99,8 @@ int setpwnam(struct passwd *pwd, const char *prefix)
|
|
goto fail;
|
|
|
|
namelen = strlen(pwd->pw_name);
|
|
-
|
|
+ if (namelen > buflen)
|
|
+ buflen += namelen;
|
|
linebuf = malloc(buflen);
|
|
if (!linebuf)
|
|
goto fail;
|