diff options
Diffstat (limited to 'meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4025.patch')
-rw-r--r-- | meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4025.patch | 40 |
1 files changed, 33 insertions, 7 deletions
diff --git a/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4025.patch b/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4025.patch index 0dabfba663..a5cdecf95b 100644 --- a/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4025.patch +++ b/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4025.patch @@ -1,7 +1,11 @@ +From fef997df2a1d6609af55e30eb67b65c786588fcb Mon Sep 17 00:00:00 2001 +From: "yanjun.zhu" <yanjun.zhu@windriver.com> +Date: Wed, 20 May 2015 18:18:47 +0200 +Subject: [PATCH 4/4] Fix CVE-2012-4025 + Upstream-Status: Backport -Reference: http://squashfs.git.sourceforge.net/git/gitweb.cgi? -p=squashfs/squashfs;a=patch;h=8515b3d420f502c5c0236b86e2d6d7e3b23c190e +Reference: https://github.com/plougher/squashfs-tools/commit/8515b3d420f502c5c0236b86e2d6d7e3b23c190e Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers @@ -10,10 +14,29 @@ superblock of a .sqsh file, leading to a heap-based buffer overflow. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4025 -Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> +Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> +Signed-off-by: Martin Jansa <martin.jansa@lge.com> +--- + squashfs-tools/squashfs_fs.h | 1 + + squashfs-tools/unsquashfs.c | 110 +++++++++++++++++++++++++++++++++++++++---- + 2 files changed, 103 insertions(+), 8 deletions(-) ---- a/unsquashfs.c 2012-11-30 17:57:57.000000000 +0800 -+++ b/unsquashfs.c 2012-11-30 17:58:09.000000000 +0800 +diff --git a/squashfs_fs.h b/squashfs_fs.h +index d4fba1b..6227be2 100644 +--- a/squashfs_fs.h ++++ b/squashfs_fs.h +@@ -39,6 +39,7 @@ + #define SQUASHFS_FILE_LOG 17 + + #define SQUASHFS_FILE_MAX_SIZE 1048576 ++#define SQUASHFS_FILE_MAX_LOG 20 + + /* Max number of uids and gids */ + #define SQUASHFS_IDS 65536 +diff --git a/unsquashfs.c b/unsquashfs.c +index 4fc04e8..078d6ca 100644 +--- a/unsquashfs.c ++++ b/unsquashfs.c @@ -33,6 +33,7 @@ #include <sys/types.h> #include <sys/time.h> @@ -58,7 +81,7 @@ Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> queue->data = malloc(sizeof(void *) * (size + 1)); if(queue->data == NULL) EXIT_UNSQUASH("Out of memory in queue_init\n"); -@@ -1948,13 +1971,30 @@ void initialise_threads(int fragment_buf +@@ -1948,13 +1971,30 @@ void initialise_threads(int fragment_buffer_size, int data_buffer_size) * allocate to_reader, to_deflate and to_writer queues. Set based on * open file limit and cache size, unless open file limit is unlimited, * in which case set purely based on cache limits @@ -90,7 +113,7 @@ Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> to_reader = queue_init(all_buffers_size); to_deflate = queue_init(all_buffers_size); -@@ -2059,6 +2099,32 @@ void progress_bar(long long current, lon +@@ -2059,6 +2099,32 @@ void progress_bar(long long current, long long max, int columns) } @@ -188,3 +211,6 @@ Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> initialise_threads(fragment_buffer_size, data_buffer_size); fragment_data = malloc(block_size); +-- +2.1.4 + |