diff options
author | Hitendra Prajapati <hprajapati@mvista.com> | 2022-08-17 14:35:05 +0530 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-08-22 14:29:48 +0100 |
commit | 98dd6e4cac39cde42080814da2a5669760af25ff (patch) | |
tree | 53daa5c03ecd43f36e446b64af49ca70c7142ad6 | |
parent | ae4acc9f81e8e28c0e29a5924a6d7ab6ea5aaab9 (diff) | |
download | poky-98dd6e4cac39cde42080814da2a5669760af25ff.tar.gz |
zlib: CVE-2022-37434 a heap-based buffer over-read
Source: https://github.com/madler/zlib
MR: 120531
Type: Security Fix
Disposition: Backport from https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1 & https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d
ChangeID: 364c17d74213c64fe40b9b37ee78aa172ff93acf
Description:
CVE-2022-37434 zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field.
(From OE-Core rev: 10ed7cf347d9e73b29e4a3f6ef77e0a4b08e350b)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-core/zlib/zlib/CVE-2022-37434.patch | 44 | ||||
-rw-r--r-- | meta/recipes-core/zlib/zlib_1.2.11.bb | 1 |
2 files changed, 45 insertions, 0 deletions
diff --git a/meta/recipes-core/zlib/zlib/CVE-2022-37434.patch b/meta/recipes-core/zlib/zlib/CVE-2022-37434.patch new file mode 100644 index 0000000000..d29e6e0f1f --- /dev/null +++ b/meta/recipes-core/zlib/zlib/CVE-2022-37434.patch | |||
@@ -0,0 +1,44 @@ | |||
1 | From 8617d83d6939754ae3a04fc2d22daa18eeea2a43 Mon Sep 17 00:00:00 2001 | ||
2 | From: Hitendra Prajapati <hprajapati@mvista.com> | ||
3 | Date: Wed, 17 Aug 2022 10:15:57 +0530 | ||
4 | Subject: [PATCH] CVE-2022-37434 | ||
5 | |||
6 | Upstream-Status: Backport [https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1 & https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d] | ||
7 | CVE: CVE-2022-37434 | ||
8 | Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> | ||
9 | |||
10 | Fix a bug when getting a gzip header extra field with inflate(). | ||
11 | |||
12 | If the extra field was larger than the space the user provided with | ||
13 | inflateGetHeader(), and if multiple calls of inflate() delivered | ||
14 | the extra header data, then there could be a buffer overflow of the | ||
15 | provided space. This commit assures that provided space is not | ||
16 | exceeded. | ||
17 | |||
18 | Fix extra field processing bug that dereferences NULL state->head. | ||
19 | |||
20 | The recent commit to fix a gzip header extra field processing bug | ||
21 | introduced the new bug fixed here. | ||
22 | --- | ||
23 | inflate.c | 5 +++-- | ||
24 | 1 file changed, 3 insertions(+), 2 deletions(-) | ||
25 | |||
26 | diff --git a/inflate.c b/inflate.c | ||
27 | index ac333e8..cd01857 100644 | ||
28 | --- a/inflate.c | ||
29 | +++ b/inflate.c | ||
30 | @@ -759,8 +759,9 @@ int flush; | ||
31 | if (copy > have) copy = have; | ||
32 | if (copy) { | ||
33 | if (state->head != Z_NULL && | ||
34 | - state->head->extra != Z_NULL) { | ||
35 | - len = state->head->extra_len - state->length; | ||
36 | + state->head->extra != Z_NULL && | ||
37 | + (len = state->head->extra_len - state->length) < | ||
38 | + state->head->extra_max) { | ||
39 | zmemcpy(state->head->extra + len, next, | ||
40 | len + copy > state->head->extra_max ? | ||
41 | state->head->extra_max - len : copy); | ||
42 | -- | ||
43 | 2.25.1 | ||
44 | |||
diff --git a/meta/recipes-core/zlib/zlib_1.2.11.bb b/meta/recipes-core/zlib/zlib_1.2.11.bb index bc42cd64e9..e2fbc12bd8 100644 --- a/meta/recipes-core/zlib/zlib_1.2.11.bb +++ b/meta/recipes-core/zlib/zlib_1.2.11.bb | |||
@@ -10,6 +10,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/libpng/${BPN}/${PV}/${BPN}-${PV}.tar.xz \ | |||
10 | file://ldflags-tests.patch \ | 10 | file://ldflags-tests.patch \ |
11 | file://CVE-2018-25032.patch \ | 11 | file://CVE-2018-25032.patch \ |
12 | file://run-ptest \ | 12 | file://run-ptest \ |
13 | file://CVE-2022-37434.patch \ | ||
13 | " | 14 | " |
14 | UPSTREAM_CHECK_URI = "http://zlib.net/" | 15 | UPSTREAM_CHECK_URI = "http://zlib.net/" |
15 | 16 | ||