external/subpack/libs/db/patches/130-CVE-2017-10140-cwd-db_config.patch - T108 - Gitiles

 Description: CVE-2017-10140: Reads DB_CONFIG from the current working directory
  Do not access DB_CONFIG when db_home is not set.
 Origin: vendor, https://src.fedoraproject.org/rpms/libdb/raw/8047fa8580659fcae740c25e91b490539b8453eb/f/db-5.3.28-cwd-db_config.patch
 Bug-Debian: https://bugs.debian.org/872436
 Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1464032
 Bug-SuSE: https://bugzilla.novell.com/show_bug.cgi?id=1043886
 Forwarded: no
 Author: Petr Kubat <pkubat@redhat.com>
 Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
 Last-Update: 2017-08-17

 --- a/src/env/env_open.c
 +++ b/src/env/env_open.c
 @@ -473,7 +473,7 @@ __env_config(dbenv, db_home, flagsp, mod
  	env->db_mode = mode == 0 ? DB_MODE_660 : mode;

  	/* Read the DB_CONFIG file. */
 -	if ((ret = __env_read_db_config(env)) != 0)
 +	if (env->db_home != NULL && (ret = __env_read_db_config(env)) != 0)
  		return (ret);

  	/*
	Description: CVE-2017-10140: Reads DB_CONFIG from the current working directory
	Do not access DB_CONFIG when db_home is not set.
	Origin: vendor, https://src.fedoraproject.org/rpms/libdb/raw/8047fa8580659fcae740c25e91b490539b8453eb/f/db-5.3.28-cwd-db_config.patch
	Bug-Debian: https://bugs.debian.org/872436
	Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1464032
	Bug-SuSE: https://bugzilla.novell.com/show_bug.cgi?id=1043886
	Forwarded: no
	Author: Petr Kubat <pkubat@redhat.com>
	Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
	Last-Update: 2017-08-17

	--- a/src/env/env_open.c
	+++ b/src/env/env_open.c
	@@ -473,7 +473,7 @@ __env_config(dbenv, db_home, flagsp, mod
	env->db_mode = mode == 0 ? DB_MODE_660 : mode;

	/* Read the DB_CONFIG file. */
	- if ((ret = __env_read_db_config(env)) != 0)
	+ if (env->db_home != NULL && (ret = __env_read_db_config(env)) != 0)
	return (ret);

	/*