diff options
author | Kai Kang <kai.kang@windriver.com> | 2021-11-18 09:53:36 +0800 |
---|---|---|
committer | Anuj Mittal <anuj.mittal@intel.com> | 2021-11-22 09:45:46 +0800 |
commit | e95ccf6f7fe5a42fffcfa5e43087ff964622e26c (patch) | |
tree | cd5afb0f83468d73564f16783875a7fb37410df7 /meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072-requisite-2.patch | |
parent | 41ba5054fc4d014ab3a2af0cc7673e275aaecee0 (diff) | |
download | openembedded-core-contrib-e95ccf6f7fe5a42fffcfa5e43087ff964622e26c.tar.gz |
squashfs-tools: fix CVE-2021-41072
Backport patches to fix CVE-2021-41072. And update context for verison
4.4 at same time.
CVE: CVE-2021-41072
Ref:
* https://nvd.nist.gov/vuln/detail/CVE-2021-41072
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Diffstat (limited to 'meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072-requisite-2.patch')
-rw-r--r-- | meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072-requisite-2.patch | 109 |
1 files changed, 109 insertions, 0 deletions
diff --git a/meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072-requisite-2.patch b/meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072-requisite-2.patch new file mode 100644 index 0000000000..0b80d07b3b --- /dev/null +++ b/meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072-requisite-2.patch @@ -0,0 +1,109 @@ +The commit is required by the fix for CVE-2021-41072. Update context for +version 4.4. + +Upstream-Status: Backport [https://github.com/plougher/squashfs-tools/commit/1993a4e] + +Signed-off-by: Kai Kang <kai.kang@windriver.com> + +From 1993a4e7aeda04962bf26e84c15fba8b58837e10 Mon Sep 17 00:00:00 2001 +From: Phillip Lougher <phillip@squashfs.org.uk> +Date: Sun, 12 Sep 2021 20:09:13 +0100 +Subject: [PATCH] unsquashfs: dynamically allocate name + +Dynamically allocate name rather than store it +directly in structure. + +Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk> +--- + squashfs-tools/unsquash-1.c | 2 +- + squashfs-tools/unsquash-1234.c | 5 +++++ + squashfs-tools/unsquash-2.c | 2 +- + squashfs-tools/unsquash-3.c | 2 +- + squashfs-tools/unsquash-4.c | 2 +- + squashfs-tools/unsquashfs.h | 2 +- + 6 files changed, 10 insertions(+), 5 deletions(-) + +diff --git a/squashfs-tools/unsquash-1.c b/squashfs-tools/unsquash-1.c +index 7598499..d0121c6 100644 +--- a/squashfs-tools/unsquash-1.c ++++ b/squashfs-tools/unsquash-1.c +@@ -303,7 +303,7 @@ static struct dir *squashfs_opendir(unsi + "realloc failed!\n"); + dir->dirs = new_dir; + } +- strcpy(dir->dirs[dir->dir_count].name, dire->name); ++ dir->dirs[dir->dir_count].name = strdup(dire->name); + dir->dirs[dir->dir_count].start_block = + dirh.start_block; + dir->dirs[dir->dir_count].offset = dire->offset; +diff --git a/squashfs-tools/unsquash-1234.c b/squashfs-tools/unsquash-1234.c +index 0c8dfbb..ac46d9d 100644 +--- a/squashfs-tools/unsquash-1234.c ++++ b/squashfs-tools/unsquash-1234.c +@@ -60,6 +60,11 @@ int check_name(char *name, int size) + + void squashfs_closedir(struct dir *dir) + { ++ int i; ++ ++ for(i = 0; i < dir->dir_count; i++) ++ free(dir->dirs[i].name); ++ + free(dir->dirs); + free(dir); + } +diff --git a/squashfs-tools/unsquash-2.c b/squashfs-tools/unsquash-2.c +index 86f62ba..e847980 100644 +--- a/squashfs-tools/unsquash-2.c ++++ b/squashfs-tools/unsquash-2.c +@@ -404,7 +404,7 @@ static struct dir *squashfs_opendir(unsi + "realloc failed!\n"); + dir->dirs = new_dir; + } +- strcpy(dir->dirs[dir->dir_count].name, dire->name); ++ dir->dirs[dir->dir_count].name = strdup(dire->name); + dir->dirs[dir->dir_count].start_block = + dirh.start_block; + dir->dirs[dir->dir_count].offset = dire->offset; +diff --git a/squashfs-tools/unsquash-3.c b/squashfs-tools/unsquash-3.c +index c04aa9e..8223f27 100644 +--- a/squashfs-tools/unsquash-3.c ++++ b/squashfs-tools/unsquash-3.c +@@ -431,7 +431,7 @@ static struct dir *squashfs_opendir(unsi + "realloc failed!\n"); + dir->dirs = new_dir; + } +- strcpy(dir->dirs[dir->dir_count].name, dire->name); ++ dir->dirs[dir->dir_count].name = strdup(dire->name); + dir->dirs[dir->dir_count].start_block = + dirh.start_block; + dir->dirs[dir->dir_count].offset = dire->offset; +diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c +index ff62dcc..1e199a7 100644 +--- a/squashfs-tools/unsquash-4.c ++++ b/squashfs-tools/unsquash-4.c +@@ -367,7 +367,7 @@ static struct dir *squashfs_opendir(unsi + "realloc failed!\n"); + dir->dirs = new_dir; + } +- strcpy(dir->dirs[dir->dir_count].name, dire->name); ++ dir->dirs[dir->dir_count].name = strdup(dire->name); + dir->dirs[dir->dir_count].start_block = + dirh.start_block; + dir->dirs[dir->dir_count].offset = dire->offset; +diff --git a/squashfs-tools/unsquashfs.h b/squashfs-tools/unsquashfs.h +index 5ecb2ab..583fbe4 100644 +--- a/squashfs-tools/unsquashfs.h ++++ b/squashfs-tools/unsquashfs.h +@@ -165,7 +165,7 @@ struct queue { + #define DIR_ENT_SIZE 16 + + struct dir_ent { +- char name[SQUASHFS_NAME_LEN + 1]; ++ char *name; + unsigned int start_block; + unsigned int offset; + unsigned int type; +-- +2.17.1 + |