summaryrefslogtreecommitdiffstats
path: root/meta/recipes-bsp/u-boot/files/0003-CVE-2019-13105.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-bsp/u-boot/files/0003-CVE-2019-13105.patch')
-rw-r--r--meta/recipes-bsp/u-boot/files/0003-CVE-2019-13105.patch37
1 files changed, 37 insertions, 0 deletions
diff --git a/meta/recipes-bsp/u-boot/files/0003-CVE-2019-13105.patch b/meta/recipes-bsp/u-boot/files/0003-CVE-2019-13105.patch
new file mode 100644
index 0000000000..f525147e57
--- /dev/null
+++ b/meta/recipes-bsp/u-boot/files/0003-CVE-2019-13105.patch
@@ -0,0 +1,37 @@
+From 4e937d0de669ee69cf41c20494cbf66c339c3174 Mon Sep 17 00:00:00 2001
+From: Paul Emge <paulemge@forallsecure.com>
+Date: Mon, 8 Jul 2019 16:37:04 -0700
+Subject: [PATCH 3/9] CVE-2019-13105: ext4: fix double-free in ext4_cache_read
+
+ext_cache_read doesn't null cache->buf, after freeing, which results
+in a later function double-freeing it. This patch fixes
+ext_cache_read to call ext_cache_fini instead of free.
+
+Signed-off-by: Paul Emge <paulemge@forallsecure.com>
+
+Upstream-Status: Backport[http://git.denx.de/?p=u-boot.git;a=commit;
+ h=6e5a79de658cb1c8012c86e0837379aa6eabd024]
+
+CVE: CVE-2019-13105
+
+Signed-off-by: Meng Li <Meng.Li@windriver.com>
+---
+ fs/ext4/ext4fs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fs/ext4/ext4fs.c b/fs/ext4/ext4fs.c
+index c8c8655ed8..e2b740cac4 100644
+--- a/fs/ext4/ext4fs.c
++++ b/fs/ext4/ext4fs.c
+@@ -288,7 +288,7 @@ int ext_cache_read(struct ext_block_cache *cache, lbaint_t block, int size)
+ if (!cache->buf)
+ return 0;
+ if (!ext4fs_devread(block, 0, size, cache->buf)) {
+- free(cache->buf);
++ ext_cache_fini(cache);
+ return 0;
+ }
+ cache->block = block;
+--
+2.17.1
+
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-02 12:55:35 +0000