aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4025.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4025.patch')
-rw-r--r--meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4025.patch40
1 files changed, 33 insertions, 7 deletions
diff --git a/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4025.patch b/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4025.patch
index 0dabfba663..a5cdecf95b 100644
--- a/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4025.patch
+++ b/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4025.patch
@@ -1,7 +1,11 @@
+From fef997df2a1d6609af55e30eb67b65c786588fcb Mon Sep 17 00:00:00 2001
+From: "yanjun.zhu" <yanjun.zhu@windriver.com>
+Date: Wed, 20 May 2015 18:18:47 +0200
+Subject: [PATCH 4/4] Fix CVE-2012-4025
+
Upstream-Status: Backport
-Reference: http://squashfs.git.sourceforge.net/git/gitweb.cgi?
-p=squashfs/squashfs;a=patch;h=8515b3d420f502c5c0236b86e2d6d7e3b23c190e
+Reference: https://github.com/plougher/squashfs-tools/commit/8515b3d420f502c5c0236b86e2d6d7e3b23c190e
Integer overflow in the queue_init function in unsquashfs.c in
unsquashfs in Squashfs 4.2 and earlier allows remote attackers
@@ -10,10 +14,29 @@ superblock of a .sqsh file, leading to a heap-based buffer overflow.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4025
-Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
+Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
+Signed-off-by: Martin Jansa <martin.jansa@lge.com>
+---
+ squashfs-tools/squashfs_fs.h | 1 +
+ squashfs-tools/unsquashfs.c | 110 +++++++++++++++++++++++++++++++++++++++----
+ 2 files changed, 103 insertions(+), 8 deletions(-)
---- a/unsquashfs.c 2012-11-30 17:57:57.000000000 +0800
-+++ b/unsquashfs.c 2012-11-30 17:58:09.000000000 +0800
+diff --git a/squashfs_fs.h b/squashfs_fs.h
+index d4fba1b..6227be2 100644
+--- a/squashfs_fs.h
++++ b/squashfs_fs.h
+@@ -39,6 +39,7 @@
+ #define SQUASHFS_FILE_LOG 17
+
+ #define SQUASHFS_FILE_MAX_SIZE 1048576
++#define SQUASHFS_FILE_MAX_LOG 20
+
+ /* Max number of uids and gids */
+ #define SQUASHFS_IDS 65536
+diff --git a/unsquashfs.c b/unsquashfs.c
+index 4fc04e8..078d6ca 100644
+--- a/unsquashfs.c
++++ b/unsquashfs.c
@@ -33,6 +33,7 @@
#include <sys/types.h>
#include <sys/time.h>
@@ -58,7 +81,7 @@ Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
queue->data = malloc(sizeof(void *) * (size + 1));
if(queue->data == NULL)
EXIT_UNSQUASH("Out of memory in queue_init\n");
-@@ -1948,13 +1971,30 @@ void initialise_threads(int fragment_buf
+@@ -1948,13 +1971,30 @@ void initialise_threads(int fragment_buffer_size, int data_buffer_size)
* allocate to_reader, to_deflate and to_writer queues. Set based on
* open file limit and cache size, unless open file limit is unlimited,
* in which case set purely based on cache limits
@@ -90,7 +113,7 @@ Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
to_reader = queue_init(all_buffers_size);
to_deflate = queue_init(all_buffers_size);
-@@ -2059,6 +2099,32 @@ void progress_bar(long long current, lon
+@@ -2059,6 +2099,32 @@ void progress_bar(long long current, long long max, int columns)
}
@@ -188,3 +211,6 @@ Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
initialise_threads(fragment_buffer_size, data_buffer_size);
fragment_data = malloc(block_size);
+--
+2.1.4
+