diff --git a/meta-initramfs/recipes-devtools/klibc/files/CVE-2021-31871.patch b/meta-initramfs/recipes-devtools/klibc/files/CVE-2021-31871.patch new file mode 100644 index 0000000000..c8c40ec931 --- /dev/null +++ b/meta-initramfs/recipes-devtools/klibc/files/CVE-2021-31871.patch @@ -0,0 +1,34 @@ +From db29a01c413fcaaa1095284dfe31582e97d35679 Mon Sep 17 00:00:00 2001 +From: Ben Hutchings +Date: Wed, 28 Apr 2021 19:46:47 +0200 +Subject: [PATCH] cpio: Fix possible crash on 64-bit systems + +copyin_link() tries to allocate (unsigned int)c_filesize + 1 bytes. +If c_filesize == UINT_MAX, this works out as 0 bytes, resulting in a +null pointer and a subsequent SIGSEGV. + +The previous commit made this impossible on 32-bit systems. + +CVE-2021-31871 + +CVE: CVE-2021-31871 +Upstream-Status: Backport [https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=2e48a12ab1e30d43498c2d53e878a11a1b5102d5] + +Signed-off-by: Ben Hutchings +--- + usr/utils/cpio.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/usr/utils/cpio.c b/usr/utils/cpio.c +index cb61679..a13c876 100644 +--- a/usr/utils/cpio.c ++++ b/usr/utils/cpio.c +@@ -831,7 +831,7 @@ static void copyin_link(struct new_cpio_header *file_hdr, int in_file_des) + char *link_name = NULL; /* Name of hard and symbolic links. */ + int res; /* Result of various function calls. */ + +- link_name = (char *)xmalloc((unsigned int)file_hdr->c_filesize + 1); ++ link_name = (char *)xmalloc(file_hdr->c_filesize + 1); + link_name[file_hdr->c_filesize] = '\0'; + tape_buffered_read(link_name, in_file_des, file_hdr->c_filesize); + tape_skip_padding(in_file_des, file_hdr->c_filesize); diff --git a/meta-initramfs/recipes-devtools/klibc/klibc.inc b/meta-initramfs/recipes-devtools/klibc/klibc.inc index dd22282b40..ccf4a56953 100644 --- a/meta-initramfs/recipes-devtools/klibc/klibc.inc +++ b/meta-initramfs/recipes-devtools/klibc/klibc.inc @@ -22,6 +22,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/libs/klibc/2.0/klibc-${PV}.tar.xz \ file://cross-clang.patch \ file://0001-workaround-for-overlapping-sections-in-binary.patch \ file://CVE-2021-31870.patch \ + file://CVE-2021-31871.patch \ " ARMPATCHES ?= ""