diff options
author | Limeng <Meng.Li@windriver.com> | 2019-09-26 09:46:07 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-09-27 13:02:16 +0100 |
commit | 205069a9e858c595989335af32319c4720242bfd (patch) | |
tree | cca193e0e3840bed02fe0c46818e5108f23f9f3d /meta/recipes-bsp/u-boot/files/0006-CVE-2019-14197-14200-14201-14202-14203-14204.patch | |
parent | 91b787334a84c2f0475eb4af5883b3837023aa61 (diff) | |
download | poky-205069a9e858c595989335af32319c4720242bfd.tar.gz |
u-boot: add CVE patches for u-boot
Add 9 patches to fix below CVE issues.
CVE-2019-13103
CVE-2019-13104
CVE-2019-13105
CVE-2019-13106
CVE-2019-14192
CVE-2019-14193
CVE-2019-14194
CVE-2019-14195
CVE-2019-14196
CVE-2019-14197
CVE-2019-14198
CVE-2019-14199
CVE-2019-14200
CVE-2019-14201
CVE-2019-14202
CVE-2019-14203
CVE-2019-14204
(From OE-Core rev: db22dbe158dcb2298bfd74ff6cbba31f67488035)
Signed-off-by: Meng Li <Meng.Li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-bsp/u-boot/files/0006-CVE-2019-14197-14200-14201-14202-14203-14204.patch')
-rw-r--r-- | meta/recipes-bsp/u-boot/files/0006-CVE-2019-14197-14200-14201-14202-14203-14204.patch | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/meta/recipes-bsp/u-boot/files/0006-CVE-2019-14197-14200-14201-14202-14203-14204.patch b/meta/recipes-bsp/u-boot/files/0006-CVE-2019-14197-14200-14201-14202-14203-14204.patch new file mode 100644 index 0000000000..04a09e46df --- /dev/null +++ b/meta/recipes-bsp/u-boot/files/0006-CVE-2019-14197-14200-14201-14202-14203-14204.patch | |||
@@ -0,0 +1,44 @@ | |||
1 | From 261658ddaf24bb35edd477cf09ec055569fd9894 Mon Sep 17 00:00:00 2001 | ||
2 | From: "liucheng (G)" <liucheng32@huawei.com> | ||
3 | Date: Thu, 29 Aug 2019 13:47:40 +0000 | ||
4 | Subject: [PATCH 6/9] CVE: nfs: fix stack-based buffer overflow in some | ||
5 | nfs_handler reply helper functions | ||
6 | MIME-Version: 1.0 | ||
7 | Content-Type: text/plain; charset=UTF-8 | ||
8 | Content-Transfer-Encoding: 8bit | ||
9 | |||
10 | This patch adds a check to nfs_handler to fix buffer overflow for CVE-2019-14197, | ||
11 | CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203 and CVE-2019-14204. | ||
12 | |||
13 | Signed-off-by: Cheng Liu <liucheng32@huawei.com> | ||
14 | Reported-by: FermÃn Serna <fermin@semmle.com> | ||
15 | Acked-by: Joe Hershberger <joe.hershberger@ni.com> | ||
16 | |||
17 | Upstream-Status: Backport[http://git.denx.de/?p=u-boot.git;a=commit; | ||
18 | h=741a8a08ebe5bc3ccfe3cde6c2b44ee53891af21] | ||
19 | |||
20 | CVE: CVE-2019-14197, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, | ||
21 | CVE-2019-14203 and CVE-2019-14204 | ||
22 | |||
23 | Signed-off-by: Meng Li <Meng.Li@windriver.com> | ||
24 | --- | ||
25 | net/nfs.c | 3 +++ | ||
26 | 1 file changed, 3 insertions(+) | ||
27 | |||
28 | diff --git a/net/nfs.c b/net/nfs.c | ||
29 | index d6a7f8e827..b7cf3b3a18 100644 | ||
30 | --- a/net/nfs.c | ||
31 | +++ b/net/nfs.c | ||
32 | @@ -732,6 +732,9 @@ static void nfs_handler(uchar *pkt, unsigned dest, struct in_addr sip, | ||
33 | |||
34 | debug("%s\n", __func__); | ||
35 | |||
36 | + if (len > sizeof(struct rpc_t)) | ||
37 | + return; | ||
38 | + | ||
39 | if (dest != nfs_our_port) | ||
40 | return; | ||
41 | |||
42 | -- | ||
43 | 2.17.1 | ||
44 | |||