This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "uClibc-ng - small C library for embedded systems".

The branch, 1.0 has been updated via 0074f6d29b2794ec9dbcb4a5e3c6e4defac220c2 (commit) from 312f482d395b591398296b5472a3884a12716cbd (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log ----------------------------------------------------------------- commit 0074f6d29b2794ec9dbcb4a5e3c6e4defac220c2 Author: Ben Boeckel mathstuf@gmail.com Date: Sat Oct 17 11:58:44 2015 -0400

confdata: fix invalid write

stndup will copy *up to* the size parameter, not allocate a buffer of that size, so the buffer is not necessarily large enough to fit the ".old" extension.

Caught with glibc's MALLOC_CHECK_=3.

Signed-off-by: Ben Boeckel mathstuf@gmail.com

-----------------------------------------------------------------------

Summary of changes: extra/config/confdata.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/extra/config/confdata.c b/extra/config/confdata.c index 61c91c2..94c63c0 100644 --- a/extra/config/confdata.c +++ b/extra/config/confdata.c @@ -814,7 +814,8 @@ next: fclose(out);

if (*tmpname) { - dirname = strndup(basename, strlen(basename) + 4); + dirname = malloc(strlen(basename) + 4 + 1); + strcpy(dirname, basename); strcat(dirname, ".old"); rename(newname, dirname); free(dirname);

hooks/post-receive