diff options
Diffstat (limited to 'meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4024.patch')
-rw-r--r-- | meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4024.patch | 32 |
1 files changed, 23 insertions, 9 deletions
diff --git a/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4024.patch b/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4024.patch index 8b9904fd56..52af60206a 100644 --- a/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4024.patch +++ b/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4024.patch @@ -1,7 +1,12 @@ +From bf9776123b854ce30a21403e4df4d4f5deb6af91 Mon Sep 17 00:00:00 2001 +From: "yanjun.zhu" <yanjun.zhu@windriver.com> +Date: Wed, 20 May 2015 18:14:12 +0200 +Subject: [PATCH 3/4] Fix CVE-2012-4024 + Upstream-Status: Backport -Reference:http://squashfs.git.sourceforge.net/git/gitweb.cgi?p= -squashfs/squashfs;a=commit;h=19c38fba0be1ce949ab44310d7f49887576cc123 +Reference: +https://github.com/plougher/squashfs-tools/commit/19c38fba0be1ce949ab44310d7f49887576cc123 Fix potential stack overflow in get_component() where an individual pathname component in an extract file (specified on the command line @@ -12,10 +17,16 @@ Fix by dynamically allocating targname rather than storing it as a fixed size on the stack. Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> -diff -urpN a/unsquashfs.c b/unsquashfs.c ---- a/unsquashfs.c 2012-11-29 17:04:08.000000000 +0800 -+++ b/unsquashfs.c 2012-11-29 17:04:25.000000000 +0800 -@@ -1034,15 +1034,18 @@ void squashfs_closedir(struct dir *dir) +Signed-off-by: Martin Jansa <martin.jansa@lge.com> +--- + squashfs-tools/unsquashfs.c | 17 +++++++++++------ + 1 file changed, 11 insertions(+), 6 deletions(-) + +diff --git a/unsquashfs.c b/unsquashfs.c +index d532486..4fc04e8 100644 +--- a/unsquashfs.c ++++ b/unsquashfs.c +@@ -1076,15 +1076,18 @@ void squashfs_closedir(struct dir *dir) } @@ -37,7 +48,7 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c return target; } -@@ -1068,12 +1071,12 @@ void free_path(struct pathname *paths) +@@ -1110,12 +1113,12 @@ void free_path(struct pathname *paths) struct pathname *add_path(struct pathname *paths, char *target, char *alltarget) { @@ -52,7 +63,7 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c if(paths == NULL) { paths = malloc(sizeof(struct pathname)); -@@ -1097,7 +1100,7 @@ struct pathname *add_path(struct pathnam +@@ -1139,7 +1142,7 @@ struct pathname *add_path(struct pathname *paths, char *target, char *alltarget) sizeof(struct path_entry)); if(paths->name == NULL) EXIT_UNSQUASH("Out of memory in add_path\n"); @@ -61,7 +72,7 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c paths->name[i].paths = NULL; if(use_regex) { paths->name[i].preg = malloc(sizeof(regex_t)); -@@ -1130,6 +1133,8 @@ struct pathname *add_path(struct pathnam +@@ -1172,6 +1175,8 @@ struct pathname *add_path(struct pathname *paths, char *target, char *alltarget) /* * existing matching entry */ @@ -70,3 +81,6 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c if(paths->name[i].paths == NULL) { /* * No sub-directory which means this is the leaf +-- +2.1.4 + |