diff options
Diffstat (limited to 'meta/recipes-devtools/file/file/CVE-2019-8906.patch')
-rw-r--r-- | meta/recipes-devtools/file/file/CVE-2019-8906.patch | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/meta/recipes-devtools/file/file/CVE-2019-8906.patch b/meta/recipes-devtools/file/file/CVE-2019-8906.patch new file mode 100644 index 0000000000..1079ac6675 --- /dev/null +++ b/meta/recipes-devtools/file/file/CVE-2019-8906.patch @@ -0,0 +1,27 @@ +From 2858eaf99f6cc5aae129bcbf1e24ad160240185f Mon Sep 17 00:00:00 2001 +From: Christos Zoulas <christos@zoulas.com> +Date: Wed, 2 Jan 2019 19:44:14 +0000 +Subject: [PATCH] Avoid OOB read (found by ASAN reported by F. Alonso) + +Upstream-Status: Backport +CVE: CVE-2019-8906 +Affects < 5.36 +[Fixup for thud context] +Signed-off-by: Armin Kuster <akuster@mvista.com> +--- + src/readelf.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +Index: git/src/readelf.c +=================================================================== +--- git.orig/src/readelf.c ++++ git/src/readelf.c +@@ -745,7 +745,7 @@ do_core_note(struct magic_set *ms, unsig + char sbuf[512]; + struct NetBSD_elfcore_procinfo pi; + memset(&pi, 0, sizeof(pi)); +- memcpy(&pi, nbuf + doff, descsz); ++ memcpy(&pi, nbuf + doff, MIN(descsz, sizeof(pi))); + + if (file_printf(ms, ", from '%.31s', pid=%u, uid=%u, " + "gid=%u, nlwps=%u, lwp=%u (signal %u/code %u)", |