rpms / genwqe-tools

Clone
Source Code
GIT

Blame SOURCES/genwqe-user-4.0.18-disable-user-zlibpath.patch

c7 c7-alt c7-beta c8 c8-beta
  1.   ffb73ff22f7c0a55bef1141de731b7144ef20b70
  2.   SOURCES
  3.   genwqe-user-4.0.18-disable-user-zlibpath.patch
Blob History Raw
ffb73f 
diff -up genwqe-user-4.0.18/lib/software.c.orig genwqe-user-4.0.18/lib/software.c
ffb73f 
--- genwqe-user-4.0.18/lib/software.c.orig	2017-11-17 20:53:26.736854418 +0100
ffb73f 
+++ genwqe-user-4.0.18/lib/software.c	2017-11-17 20:55:34.200032915 +0100
ffb73f 
@@ -594,6 +594,9 @@ const z_crc_t *get_crc_table()
ffb73f 
 void zedc_sw_init(void)
ffb73f 
 {
ffb73f 
 	char *error;
ffb73f 
+
ffb73f 
+/* potential arbitrary code execution issue */
ffb73f 
+#if 0
ffb73f 
 	const char *zlib_path = getenv("ZLIB_PATH");
ffb73f
ffb73f 
 	/* User has setup environment variable to find libz.so.1 */
ffb73f 
@@ -604,6 +607,7 @@ void zedc_sw_init(void)
ffb73f 
 		if (handle != NULL)
ffb73f 
 			goto load_syms;
ffb73f 
 	}
ffb73f 
+#endif
ffb73f
ffb73f 
 	/* We saw dlopen returning non NULL value in case of passing ""! */
ffb73f 
 	if (strcmp(CONFIG_ZLIB_PATH, "") == 0) {

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation