diff options
Diffstat (limited to 'meta-oe/recipes-extended/redis/redis/fix-CVE-2021-29477.patch')
-rw-r--r-- | meta-oe/recipes-extended/redis/redis/fix-CVE-2021-29477.patch | 35 |
1 files changed, 0 insertions, 35 deletions
diff --git a/meta-oe/recipes-extended/redis/redis/fix-CVE-2021-29477.patch b/meta-oe/recipes-extended/redis/redis/fix-CVE-2021-29477.patch deleted file mode 100644 index a5e5a1ba55..0000000000 --- a/meta-oe/recipes-extended/redis/redis/fix-CVE-2021-29477.patch +++ /dev/null @@ -1,35 +0,0 @@ -From f0c5f920d0f88bd8aa376a2c05af4902789d1ef9 Mon Sep 17 00:00:00 2001 -From: Oran Agra <oran@redislabs.com> -Date: Mon, 3 May 2021 08:32:31 +0300 -Subject: [PATCH] Fix integer overflow in STRALGO LCS (CVE-2021-29477) - -An integer overflow bug in Redis version 6.0 or newer could be exploited using -the STRALGO LCS command to corrupt the heap and potentially result with remote -code execution. - -CVE: CVE-2021-29477 -Upstream-Status: Backport -[https://github.com/redis/redis/commit/f0c5f920d0f88bd8aa376a2c05af4902789d1ef9] - -Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com> - ---- - src/t_string.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/t_string.c b/src/t_string.c -index 9228c5ed0..db6f7042e 100644 ---- a/src/t_string.c -+++ b/src/t_string.c -@@ -805,7 +805,7 @@ void stralgoLCS(client *c) { - /* Setup an uint32_t array to store at LCS[i,j] the length of the - * LCS A0..i-1, B0..j-1. Note that we have a linear array here, so - * we index it as LCS[j+(blen+1)*j] */ -- uint32_t *lcs = zmalloc((alen+1)*(blen+1)*sizeof(uint32_t)); -+ uint32_t *lcs = zmalloc((size_t)(alen+1)*(blen+1)*sizeof(uint32_t)); - #define LCS(A,B) lcs[(B)+((A)*(blen+1))] - - /* Start building the LCS table. */ --- -2.32.0 - |