diff options
Diffstat (limited to 'poky/meta/recipes-extended/tar/tar/CVE-2022-48303.patch')
-rw-r--r-- | poky/meta/recipes-extended/tar/tar/CVE-2022-48303.patch | 43 |
1 files changed, 0 insertions, 43 deletions
diff --git a/poky/meta/recipes-extended/tar/tar/CVE-2022-48303.patch b/poky/meta/recipes-extended/tar/tar/CVE-2022-48303.patch deleted file mode 100644 index b2f40f3e64..0000000000 --- a/poky/meta/recipes-extended/tar/tar/CVE-2022-48303.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 3da78400eafcccb97e2f2fd4b227ea40d794ede8 Mon Sep 17 00:00:00 2001 -From: Sergey Poznyakoff <gray@gnu.org> -Date: Sat, 11 Feb 2023 11:57:39 +0200 -Subject: Fix boundary checking in base-256 decoder - -* src/list.c (from_header): Base-256 encoding is at least 2 bytes -long. - -Upstream-Status: Backport [see reference below] -CVE: CVE-2022-48303 - -Reference to upstream patch: -https://savannah.gnu.org/bugs/?62387 -https://git.savannah.gnu.org/cgit/tar.git/patch/src/list.c?id=3da78400eafcccb97e2f2fd4b227ea40d794ede8 - -Signed-off-by: Rodolfo Quesada Zumbado <rodolfo.zumbado@windriver.com> -Signed-off-by: Joe Slater <joe.slater@windriver.com> ---- - src/list.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-)Signed-off-by: Rodolfo Quesada Zumbado <rodolfo.zumbado@windriver.com> - - -(limited to 'src/list.c') - -diff --git a/src/list.c b/src/list.c -index 9fafc42..86bcfdd 100644 ---- a/src/list.c -+++ b/src/list.c -@@ -881,8 +881,9 @@ from_header (char const *where0, size_t digs, char const *type, - where++; - } - } -- else if (*where == '\200' /* positive base-256 */ -- || *where == '\377' /* negative base-256 */) -+ else if (where <= lim - 2 -+ && (*where == '\200' /* positive base-256 */ -+ || *where == '\377' /* negative base-256 */)) - { - /* Parse base-256 output. A nonnegative number N is - represented as (256**DIGS)/2 + N; a negative number -N is --- -cgit v1.1 - |