diff options
Diffstat (limited to 'meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-2.patch')
-rw-r--r-- | meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-2.patch | 108 |
1 files changed, 108 insertions, 0 deletions
diff --git a/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-2.patch b/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-2.patch new file mode 100644 index 0000000000..6b230b35c6 --- /dev/null +++ b/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-2.patch @@ -0,0 +1,108 @@ +The commit is required by the fix for CVE-2021-41072. + +Upstream-Status: Backport [https://github.com/plougher/squashfs-tools/commit/1993a4e] + +Signed-off-by: Kai Kang <kai.kang@windriver.com> + +From 1993a4e7aeda04962bf26e84c15fba8b58837e10 Mon Sep 17 00:00:00 2001 +From: Phillip Lougher <phillip@squashfs.org.uk> +Date: Sun, 12 Sep 2021 20:09:13 +0100 +Subject: [PATCH] unsquashfs: dynamically allocate name + +Dynamically allocate name rather than store it +directly in structure. + +Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk> +--- + squashfs-tools/unsquash-1.c | 2 +- + squashfs-tools/unsquash-1234.c | 5 +++++ + squashfs-tools/unsquash-2.c | 2 +- + squashfs-tools/unsquash-3.c | 2 +- + squashfs-tools/unsquash-4.c | 2 +- + squashfs-tools/unsquashfs.h | 2 +- + 6 files changed, 10 insertions(+), 5 deletions(-) + +diff --git a/squashfs-tools/unsquash-1.c b/squashfs-tools/unsquash-1.c +index 7598499..d0121c6 100644 +--- a/squashfs-tools/unsquash-1.c ++++ b/squashfs-tools/unsquash-1.c +@@ -360,7 +360,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse + dir->dirs = new_dir; + } + +- strcpy(dir->dirs[dir->dir_count].name, dire->name); ++ dir->dirs[dir->dir_count].name = strdup(dire->name); + dir->dirs[dir->dir_count].start_block = + dirh.start_block; + dir->dirs[dir->dir_count].offset = dire->offset; +diff --git a/squashfs-tools/unsquash-1234.c b/squashfs-tools/unsquash-1234.c +index 0c8dfbb..ac46d9d 100644 +--- a/squashfs-tools/unsquash-1234.c ++++ b/squashfs-tools/unsquash-1234.c +@@ -60,6 +60,11 @@ int check_name(char *name, int size) + + void squashfs_closedir(struct dir *dir) + { ++ int i; ++ ++ for(i = 0; i < dir->dir_count; i++) ++ free(dir->dirs[i].name); ++ + free(dir->dirs); + free(dir); + } +diff --git a/squashfs-tools/unsquash-2.c b/squashfs-tools/unsquash-2.c +index 86f62ba..e847980 100644 +--- a/squashfs-tools/unsquash-2.c ++++ b/squashfs-tools/unsquash-2.c +@@ -452,7 +452,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse + dir->dirs = new_dir; + } + +- strcpy(dir->dirs[dir->dir_count].name, dire->name); ++ dir->dirs[dir->dir_count].name = strdup(dire->name); + dir->dirs[dir->dir_count].start_block = + dirh.start_block; + dir->dirs[dir->dir_count].offset = dire->offset; +diff --git a/squashfs-tools/unsquash-3.c b/squashfs-tools/unsquash-3.c +index c04aa9e..8223f27 100644 +--- a/squashfs-tools/unsquash-3.c ++++ b/squashfs-tools/unsquash-3.c +@@ -486,7 +486,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse + dir->dirs = new_dir; + } + +- strcpy(dir->dirs[dir->dir_count].name, dire->name); ++ dir->dirs[dir->dir_count].name = strdup(dire->name); + dir->dirs[dir->dir_count].start_block = + dirh.start_block; + dir->dirs[dir->dir_count].offset = dire->offset; +diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c +index ff62dcc..1e199a7 100644 +--- a/squashfs-tools/unsquash-4.c ++++ b/squashfs-tools/unsquash-4.c +@@ -423,7 +423,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse + dir->dirs = new_dir; + } + +- strcpy(dir->dirs[dir->dir_count].name, dire->name); ++ dir->dirs[dir->dir_count].name = strdup(dire->name); + dir->dirs[dir->dir_count].start_block = + dirh.start_block; + dir->dirs[dir->dir_count].offset = dire->offset; +diff --git a/squashfs-tools/unsquashfs.h b/squashfs-tools/unsquashfs.h +index 5ecb2ab..583fbe4 100644 +--- a/squashfs-tools/unsquashfs.h ++++ b/squashfs-tools/unsquashfs.h +@@ -164,7 +164,7 @@ struct queue { + #define DIR_ENT_SIZE 16 + + struct dir_ent { +- char name[SQUASHFS_NAME_LEN + 1]; ++ char *name; + unsigned int start_block; + unsigned int offset; + unsigned int type; +-- +2.17.1 + |