mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-06-14 17:59:59 +00:00
Gyorgy Sarvari
aec3f2b612
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-31871 Pick the patch mentioned in the nvd report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
35 lines
1.3 KiB
Diff
35 lines
1.3 KiB
Diff
From db29a01c413fcaaa1095284dfe31582e97d35679 Mon Sep 17 00:00:00 2001
|
|
From: Ben Hutchings <ben@decadent.org.uk>
|
|
Date: Wed, 28 Apr 2021 19:46:47 +0200
|
|
Subject: [PATCH] cpio: Fix possible crash on 64-bit systems
|
|
|
|
copyin_link() tries to allocate (unsigned int)c_filesize + 1 bytes.
|
|
If c_filesize == UINT_MAX, this works out as 0 bytes, resulting in a
|
|
null pointer and a subsequent SIGSEGV.
|
|
|
|
The previous commit made this impossible on 32-bit systems.
|
|
|
|
CVE-2021-31871
|
|
|
|
CVE: CVE-2021-31871
|
|
Upstream-Status: Backport [https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=2e48a12ab1e30d43498c2d53e878a11a1b5102d5]
|
|
|
|
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|
---
|
|
usr/utils/cpio.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/usr/utils/cpio.c b/usr/utils/cpio.c
|
|
index cb61679..a13c876 100644
|
|
--- a/usr/utils/cpio.c
|
|
+++ b/usr/utils/cpio.c
|
|
@@ -831,7 +831,7 @@ static void copyin_link(struct new_cpio_header *file_hdr, int in_file_des)
|
|
char *link_name = NULL; /* Name of hard and symbolic links. */
|
|
int res; /* Result of various function calls. */
|
|
|
|
- link_name = (char *)xmalloc((unsigned int)file_hdr->c_filesize + 1);
|
|
+ link_name = (char *)xmalloc(file_hdr->c_filesize + 1);
|
|
link_name[file_hdr->c_filesize] = '\0';
|
|
tape_buffered_read(link_name, in_file_des, file_hdr->c_filesize);
|
|
tape_skip_padding(in_file_des, file_hdr->c_filesize);
|