1 files changed, 49 insertions, 0 deletions

diff --git a/poky/meta/recipes-bsp/u-boot/files/0002-CVE-2019-13104.patch b/poky/meta/recipes-bsp/u-boot/files/0002-CVE-2019-13104.patch
new file mode 100644
index 000000000..de122b27d
--- /dev/null
+++ b/poky/meta/recipes-bsp/u-boot/files/0002-CVE-2019-13104.patch
@@ -0,0 +1,49 @@
+From 1d36545e43003f4b1bb3a303a3b468abd482fa2f Mon Sep 17 00:00:00 2001
+From: Paul Emge <paulemge@forallsecure.com>
+Date: Mon, 8 Jul 2019 16:37:05 -0700
+Subject: [PATCH 2/9] CVE-2019-13104: ext4: check for underflow in
+ ext4fs_read_file
+
+in ext4fs_read_file, it is possible for a broken/malicious file
+system to cause a memcpy of a negative number of bytes, which
+overflows all memory. This patch fixes the issue by checking for
+a negative length.
+
+Signed-off-by: Paul Emge <paulemge@forallsecure.com>
+
+Upstream-Status: Backport[http://git.denx.de/?p=u-boot.git;a=commit;
+                 h=878269dbe74229005dd7f27aca66c554e31dad8e]
+
+CVE: CVE-2019-13104
+
+Signed-off-by: Meng Li <Meng.Li@windriver.com>
+---
+ fs/ext4/ext4fs.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/fs/ext4/ext4fs.c b/fs/ext4/ext4fs.c
+index 26db677a1f..c8c8655ed8 100644
+--- a/fs/ext4/ext4fs.c
++++ b/fs/ext4/ext4fs.c
+@@ -66,13 +66,15 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos,
+ 
+ 	ext_cache_init(&cache);
+ 
+-	if (blocksize <= 0)
+-		return -1;
+-
+ 	/* Adjust len so it we can't read past the end of the file. */
+ 	if (len + pos > filesize)
+ 		len = (filesize - pos);
+ 
++	if (blocksize <= 0 || len <= 0) {
++		ext_cache_fini(&cache);
++		return -1;
++	}
++
+ 	blockcnt = lldiv(((len + pos) + blocksize - 1), blocksize);
+ 
+ 	for (i = lldiv(pos, blocksize); i < blockcnt; i++) {
+-- 
+2.17.1
+