From d7d278286d4dea215f3e8fbff59a9e95056cb7f4 Mon Sep 17 00:00:00 2001 From: Armin Kuster Date: Thu, 26 Aug 2021 19:09:18 -0700 Subject: lz4: Security Fix for CVE-2021-3520 Source: https://github.com/lz4/lz4 MR: 111604 Type: Security Fix Disposition: Backport from https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7#diff-7055e9cf14c488aea9837aaf9f528b58ee3c22988d7d0d81d172ec62d94a88a7 ChangeID: 58492f950164e75954a97cf084df6f9af3d88244 Description: Signed-off-by: Armin Kuster Signed-off-by: Richard Purdie (cherry picked from commit 6d6a089a2f637051333e0137d2e748c823e2aa98) Signed-off-by: Anuj Mittal --- meta/recipes-support/lz4/files/CVE-2021-3520.patch | 27 ++++++++++++++++++++++ meta/recipes-support/lz4/lz4_1.9.3.bb | 1 + 2 files changed, 28 insertions(+) create mode 100644 meta/recipes-support/lz4/files/CVE-2021-3520.patch diff --git a/meta/recipes-support/lz4/files/CVE-2021-3520.patch b/meta/recipes-support/lz4/files/CVE-2021-3520.patch new file mode 100644 index 0000000000..5ac8f6691f --- /dev/null +++ b/meta/recipes-support/lz4/files/CVE-2021-3520.patch @@ -0,0 +1,27 @@ +From 8301a21773ef61656225e264f4f06ae14462bca7 Mon Sep 17 00:00:00 2001 +From: Jasper Lievisse Adriaanse +Date: Fri, 26 Feb 2021 15:21:20 +0100 +Subject: [PATCH] Fix potential memory corruption with negative memmove() size + +Upstream-Status: Backport +https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7#diff-7055e9cf14c488aea9837aaf9f528b58ee3c22988d7d0d81d172ec62d94a88a7 +CVE: CVE-2021-3520 +Signed-off-by: Armin Kuster + +--- + lib/lz4.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: git/lib/lz4.c +=================================================================== +--- git.orig/lib/lz4.c ++++ git/lib/lz4.c +@@ -1665,7 +1665,7 @@ LZ4_decompress_generic( + const size_t dictSize /* note : = 0 if noDict */ + ) + { +- if (src == NULL) { return -1; } ++ if ((src == NULL) || (outputSize < 0)) { return -1; } + + { const BYTE* ip = (const BYTE*) src; + const BYTE* const iend = ip + srcSize; diff --git a/meta/recipes-support/lz4/lz4_1.9.3.bb b/meta/recipes-support/lz4/lz4_1.9.3.bb index effc530b94..9d5dc0253a 100644 --- a/meta/recipes-support/lz4/lz4_1.9.3.bb +++ b/meta/recipes-support/lz4/lz4_1.9.3.bb @@ -14,6 +14,7 @@ SRCREV = "d44371841a2f1728a3f36839fd4b7e872d0927d3" SRC_URI = "git://github.com/lz4/lz4.git;branch=release \ file://run-ptest \ + file://CVE-2021-3520.patch \ " UPSTREAM_CHECK_GITTAGREGEX = "v(?P.*)" -- cgit 1.2.3-korg