Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 831096 (CVE-2021-3998) - <sys-libs/glibc-{2.33-r9, 2.34-r7}: Unexpected return value from realpath() for too long results (CVE-2021-3998)
Summary: <sys-libs/glibc-{2.33-r9, 2.34-r7}: Unexpected return value from realpath() f...
Status: IN_PROGRESS
Alias: CVE-2021-3998
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://sourceware.org/bugzilla/show_...
Whiteboard: A3 [upstream]
Keywords:
Depends on: CVE-2021-3999, CVE-2022-23218, CVE-2022-23219
Blocks:
  Show dependency tree
 
Reported: 2022-01-13 05:45 UTC by Sam James
Modified: 2022-01-25 15:13 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-01-13 05:45:50 UTC
Description (from upstream bug):
"When the resolved_path argument for realpath is non-NULL and the result is longer than PATH_MAX, the return value is an allocated string instead of resolved_path, which may result in a memory leak since the caller expects resolved_path.

Another problem with this behaviour is that if the caller uses resolved_path instead of the return value from realpath; it may potentially end up using uninitialized memory.

The expected behaviour in case of result being greater than PATH_MAX is to return NULL and set ENAMETOOLONG."

Patch (obviously we'll wait until it's backported): https://marc.info/?l=glibc-alpha&m=164205246222498&w=2
Comment 1 Larry the Git Cow gentoo-dev 2022-01-25 13:13:18 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=32cacd85af01e3a00b5fbe4d121c70db56f3e4be

commit 32cacd85af01e3a00b5fbe4d121c70db56f3e4be
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2022-01-25 13:11:59 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2022-01-25 13:13:06 +0000

    sys-libs/glibc: 2.33 patchlevel 7 bump
    
    Includes fixes for CVE-2021-3998, CVE-2021-3999, CVE-2022-23218, CVE-2022-23219
    
    Bug: https://bugs.gentoo.org/831212
    Bug: https://bugs.gentoo.org/831096
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 sys-libs/glibc/Manifest                                       | 1 +
 sys-libs/glibc/{glibc-2.33-r8.ebuild => glibc-2.33-r9.ebuild} | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)