klibc: patch CVE-2021-31871

Details: https://nvd.nist.gov/vuln/detail/CVE-2021-31871 Pick the patch mentioned in the nvd report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-06-13 17:39:57 +00:00 · 2025-10-27 15:15:49 +01:00
parent dab398c7e0
commit aec3f2b612
2 changed files with 35 additions and 0 deletions
@@ -0,0 +1,34 @@
 From db29a01c413fcaaa1095284dfe31582e97d35679 Mon Sep 17 00:00:00 2001
 From: Ben Hutchings <ben@decadent.org.uk>
 Date: Wed, 28 Apr 2021 19:46:47 +0200
 Subject: [PATCH] cpio: Fix possible crash on 64-bit systems
 copyin_link() tries to allocate (unsigned int)c_filesize + 1 bytes.
 If c_filesize == UINT_MAX, this works out as 0 bytes, resulting in a
 null pointer and a subsequent SIGSEGV.
 The previous commit made this impossible on 32-bit systems.
 CVE-2021-31871
 CVE: CVE-2021-31871
 Upstream-Status: Backport [https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=2e48a12ab1e30d43498c2d53e878a11a1b5102d5]
 Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
 ---
 usr/utils/cpio.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/usr/utils/cpio.c b/usr/utils/cpio.c
 index cb61679..a13c876 100644
 --- a/usr/utils/cpio.c
 +++ b/usr/utils/cpio.c
@@ -831,7 +831,7 @@ static void copyin_link(struct new_cpio_header *file_hdr, int in_file_des)
 	char *link_name = NULL;	/* Name of hard and symbolic links.  */
 	int res;		/* Result of various function calls.  */
 -	link_name = (char *)xmalloc((unsigned int)file_hdr->c_filesize + 1);
 +	link_name = (char *)xmalloc(file_hdr->c_filesize + 1);
 	link_name[file_hdr->c_filesize] = '\0';
 	tape_buffered_read(link_name, in_file_des, file_hdr->c_filesize);
 	tape_skip_padding(in_file_des, file_hdr->c_filesize);
@@ -22,6 +22,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/libs/klibc/2.0/klibc-${PV}.tar.xz \
           file://cross-clang.patch \
           file://0001-workaround-for-overlapping-sections-in-binary.patch \
           file://CVE-2021-31870.patch \
           file://CVE-2021-31871.patch \
           "
 ARMPATCHES ?= ""