1 files changed, 41 insertions, 0 deletions

diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2019-13104/0001-CVE-2019-13104-ext4-check-for-underflow-in-ext4fs_re.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2019-13104/0001-CVE-2019-13104-ext4-check-for-underflow-in-ext4fs_re.patch
new file mode 100644
index 000000000..fbb9098fe
--- /dev/null
+++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2019-13104/0001-CVE-2019-13104-ext4-check-for-underflow-in-ext4fs_re.patch
@@ -0,0 +1,41 @@
+From 878269dbe74229005dd7f27aca66c554e31dad8e Mon Sep 17 00:00:00 2001
+From: Paul Emge <paulemge@forallsecure.com>
+Date: Mon, 8 Jul 2019 16:37:05 -0700
+Subject: [PATCH] CVE-2019-13104: ext4: check for underflow in ext4fs_read_file
+
+in ext4fs_read_file, it is possible for a broken/malicious file
+system to cause a memcpy of a negative number of bytes, which
+overflows all memory. This patch fixes the issue by checking for
+a negative length.
+
+Signed-off-by: Paul Emge <paulemge@forallsecure.com>
+---
+ fs/ext4/ext4fs.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/fs/ext4/ext4fs.c b/fs/ext4/ext4fs.c
+index 85dc122f3003..e2b740cac405 100644
+--- a/fs/ext4/ext4fs.c
++++ b/fs/ext4/ext4fs.c
+@@ -66,13 +66,15 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos,
+ 
+ 	ext_cache_init(&cache);
+ 
+-	if (blocksize <= 0)
+-		return -1;
+-
+ 	/* Adjust len so it we can't read past the end of the file. */
+ 	if (len + pos > filesize)
+ 		len = (filesize - pos);
+ 
++	if (blocksize <= 0 || len <= 0) {
++		ext_cache_fini(&cache);
++		return -1;
++	}
++
+ 	blockcnt = lldiv(((len + pos) + blocksize - 1), blocksize);
+ 
+ 	for (i = lldiv(pos, blocksize); i < blockcnt; i++) {
+-- 
+2.17.1
+