rpms / genwqe-tools

Clone
Source Code
GIT

Files

  1.   b38c1b35eea11171afd7ed94231b3fa96901c664
  2.   SOURCES
  3.   genwqe-user-4.0.18-disable-user-zlibpath.patch
Blob Blame History Raw 
diff -up genwqe-user-4.0.18/lib/software.c.orig genwqe-user-4.0.18/lib/software.c
--- genwqe-user-4.0.18/lib/software.c.orig	2017-11-17 20:53:26.736854418 +0100
+++ genwqe-user-4.0.18/lib/software.c	2017-11-17 20:55:34.200032915 +0100
@@ -594,6 +594,9 @@ const z_crc_t *get_crc_table()
 void zedc_sw_init(void)
 {
 	char *error;
+
+/* potential arbitrary code execution issue */
+#if 0
 	const char *zlib_path = getenv("ZLIB_PATH");
 
 	/* User has setup environment variable to find libz.so.1 */
@@ -604,6 +607,7 @@ void zedc_sw_init(void)
 		if (handle != NULL)
 			goto load_syms;
 	}
+#endif
 
 	/* We saw dlopen returning non NULL value in case of passing ""! */
 	if (strcmp(CONFIG_ZLIB_PATH, "") == 0) {

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation