diff options
Diffstat (limited to 'meta/recipes-bsp/u-boot/files/0004-CVE-2019-13106.patch')
-rw-r--r-- | meta/recipes-bsp/u-boot/files/0004-CVE-2019-13106.patch | 56 |
1 files changed, 0 insertions, 56 deletions
diff --git a/meta/recipes-bsp/u-boot/files/0004-CVE-2019-13106.patch b/meta/recipes-bsp/u-boot/files/0004-CVE-2019-13106.patch deleted file mode 100644 index 8e1a1a9943..0000000000 --- a/meta/recipes-bsp/u-boot/files/0004-CVE-2019-13106.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 1307dabf5422372483f840dda3963f9dbd2e8e6f Mon Sep 17 00:00:00 2001 -From: Paul Emge <paulemge@forallsecure.com> -Date: Mon, 8 Jul 2019 16:37:07 -0700 -Subject: [PATCH 4/9] CVE-2019-13106: ext4: fix out-of-bounds memset - -In ext4fs_read_file in ext4fs.c, a memset can overwrite the bounds of -the destination memory region. This patch adds a check to disallow -this. - -Signed-off-by: Paul Emge <paulemge@forallsecure.com> - -Upstream-Status: Backport[http://git.denx.de/?p=u-boot.git;a=commit; - h=e205896c5383c938274262524adceb2775fb03ba] - -CVE: CVE-2019-13106 - -Signed-off-by: Meng Li <Meng.Li@windriver.com> ---- - fs/ext4/ext4fs.c | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/fs/ext4/ext4fs.c b/fs/ext4/ext4fs.c -index e2b740cac4..37b31d9f0f 100644 ---- a/fs/ext4/ext4fs.c -+++ b/fs/ext4/ext4fs.c -@@ -61,6 +61,7 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos, - lbaint_t delayed_skipfirst = 0; - lbaint_t delayed_next = 0; - char *delayed_buf = NULL; -+ char *start_buf = buf; - short status; - struct ext_block_cache cache; - -@@ -139,6 +140,7 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos, - } - } else { - int n; -+ int n_left; - if (previous_block_number != -1) { - /* spill */ - status = ext4fs_devread(delayed_start, -@@ -153,8 +155,9 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos, - } - /* Zero no more than `len' bytes. */ - n = blocksize - skipfirst; -- if (n > len) -- n = len; -+ n_left = len - ( buf - start_buf ); -+ if (n > n_left) -+ n = n_left; - memset(buf, 0, n); - } - buf += blocksize - skipfirst; --- -2.17.1 - |