diff options
Diffstat (limited to 'poky/meta/recipes-bsp/u-boot/files/0002-CVE-2019-13104.patch')
-rw-r--r-- | poky/meta/recipes-bsp/u-boot/files/0002-CVE-2019-13104.patch | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/poky/meta/recipes-bsp/u-boot/files/0002-CVE-2019-13104.patch b/poky/meta/recipes-bsp/u-boot/files/0002-CVE-2019-13104.patch new file mode 100644 index 000000000..de122b27d --- /dev/null +++ b/poky/meta/recipes-bsp/u-boot/files/0002-CVE-2019-13104.patch @@ -0,0 +1,49 @@ +From 1d36545e43003f4b1bb3a303a3b468abd482fa2f Mon Sep 17 00:00:00 2001 +From: Paul Emge <paulemge@forallsecure.com> +Date: Mon, 8 Jul 2019 16:37:05 -0700 +Subject: [PATCH 2/9] CVE-2019-13104: ext4: check for underflow in + ext4fs_read_file + +in ext4fs_read_file, it is possible for a broken/malicious file +system to cause a memcpy of a negative number of bytes, which +overflows all memory. This patch fixes the issue by checking for +a negative length. + +Signed-off-by: Paul Emge <paulemge@forallsecure.com> + +Upstream-Status: Backport[http://git.denx.de/?p=u-boot.git;a=commit; + h=878269dbe74229005dd7f27aca66c554e31dad8e] + +CVE: CVE-2019-13104 + +Signed-off-by: Meng Li <Meng.Li@windriver.com> +--- + fs/ext4/ext4fs.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/fs/ext4/ext4fs.c b/fs/ext4/ext4fs.c +index 26db677a1f..c8c8655ed8 100644 +--- a/fs/ext4/ext4fs.c ++++ b/fs/ext4/ext4fs.c +@@ -66,13 +66,15 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos, + + ext_cache_init(&cache); + +- if (blocksize <= 0) +- return -1; +- + /* Adjust len so it we can't read past the end of the file. */ + if (len + pos > filesize) + len = (filesize - pos); + ++ if (blocksize <= 0 || len <= 0) { ++ ext_cache_fini(&cache); ++ return -1; ++ } ++ + blockcnt = lldiv(((len + pos) + blocksize - 1), blocksize); + + for (i = lldiv(pos, blocksize); i < blockcnt; i++) { +-- +2.17.1 + |