diff options
Diffstat (limited to 'poky/meta/recipes-bsp/u-boot/files/0002-CVE-2019-13104.patch')
-rw-r--r-- | poky/meta/recipes-bsp/u-boot/files/0002-CVE-2019-13104.patch | 49 |
1 files changed, 0 insertions, 49 deletions
diff --git a/poky/meta/recipes-bsp/u-boot/files/0002-CVE-2019-13104.patch b/poky/meta/recipes-bsp/u-boot/files/0002-CVE-2019-13104.patch deleted file mode 100644 index de122b27d0..0000000000 --- a/poky/meta/recipes-bsp/u-boot/files/0002-CVE-2019-13104.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 1d36545e43003f4b1bb3a303a3b468abd482fa2f Mon Sep 17 00:00:00 2001 -From: Paul Emge <paulemge@forallsecure.com> -Date: Mon, 8 Jul 2019 16:37:05 -0700 -Subject: [PATCH 2/9] CVE-2019-13104: ext4: check for underflow in - ext4fs_read_file - -in ext4fs_read_file, it is possible for a broken/malicious file -system to cause a memcpy of a negative number of bytes, which -overflows all memory. This patch fixes the issue by checking for -a negative length. - -Signed-off-by: Paul Emge <paulemge@forallsecure.com> - -Upstream-Status: Backport[http://git.denx.de/?p=u-boot.git;a=commit; - h=878269dbe74229005dd7f27aca66c554e31dad8e] - -CVE: CVE-2019-13104 - -Signed-off-by: Meng Li <Meng.Li@windriver.com> ---- - fs/ext4/ext4fs.c | 8 +++++--- - 1 file changed, 5 insertions(+), 3 deletions(-) - -diff --git a/fs/ext4/ext4fs.c b/fs/ext4/ext4fs.c -index 26db677a1f..c8c8655ed8 100644 ---- a/fs/ext4/ext4fs.c -+++ b/fs/ext4/ext4fs.c -@@ -66,13 +66,15 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos, - - ext_cache_init(&cache); - -- if (blocksize <= 0) -- return -1; -- - /* Adjust len so it we can't read past the end of the file. */ - if (len + pos > filesize) - len = (filesize - pos); - -+ if (blocksize <= 0 || len <= 0) { -+ ext_cache_fini(&cache); -+ return -1; -+ } -+ - blockcnt = lldiv(((len + pos) + blocksize - 1), blocksize); - - for (i = lldiv(pos, blocksize); i < blockcnt; i++) { --- -2.17.1 - |