diff options
author | Kai Kang <kai.kang@windriver.com> | 2021-11-18 09:53:36 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-11-24 21:12:46 +0000 |
commit | a0745dce6bf173eb72bbaa174d0bf3e172ebb7f5 (patch) | |
tree | c21209c0919c133f122b81bb2dba179b0ee39c59 /meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072-requisite-1.patch | |
parent | 39ee281be1d3e155caf810123cedbf5833ce7045 (diff) | |
download | poky-a0745dce6bf173eb72bbaa174d0bf3e172ebb7f5.tar.gz |
squashfs-tools: fix CVE-2021-41072
Backport patches to fix CVE-2021-41072. And update context for verison
4.4 at same time.
CVE: CVE-2021-41072
Ref:
* https://nvd.nist.gov/vuln/detail/CVE-2021-41072
(From OE-Core rev: e95ccf6f7fe5a42fffcfa5e43087ff964622e26c)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072-requisite-1.patch')
-rw-r--r-- | meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072-requisite-1.patch | 135 |
1 files changed, 135 insertions, 0 deletions
diff --git a/meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072-requisite-1.patch b/meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072-requisite-1.patch new file mode 100644 index 0000000000..d01b5c6871 --- /dev/null +++ b/meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072-requisite-1.patch | |||
@@ -0,0 +1,135 @@ | |||
1 | The commit is required by the fix for CVE-2021-41072. | ||
2 | |||
3 | Upstream-Status: Backport [https://github.com/plougher/squashfs-tools/commit/80b8441] | ||
4 | |||
5 | Signed-off-by: Kai Kang <kai.kang@windriver.com> | ||
6 | |||
7 | From 80b8441a37fcf8bf07dacf24d9d6c6459a0f6e36 Mon Sep 17 00:00:00 2001 | ||
8 | From: Phillip Lougher <phillip@squashfs.org.uk> | ||
9 | Date: Sun, 12 Sep 2021 19:58:19 +0100 | ||
10 | Subject: [PATCH] unsquashfs: use squashfs_closedir() to delete directory | ||
11 | |||
12 | Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk> | ||
13 | --- | ||
14 | squashfs-tools/unsquash-1.c | 3 +-- | ||
15 | squashfs-tools/unsquash-1234.c | 11 +++++++++-- | ||
16 | squashfs-tools/unsquash-2.c | 3 +-- | ||
17 | squashfs-tools/unsquash-3.c | 3 +-- | ||
18 | squashfs-tools/unsquash-4.c | 3 +-- | ||
19 | squashfs-tools/unsquashfs.c | 7 ------- | ||
20 | squashfs-tools/unsquashfs.h | 1 + | ||
21 | 7 files changed, 14 insertions(+), 17 deletions(-) | ||
22 | |||
23 | diff --git a/squashfs-tools/unsquash-1.c b/squashfs-tools/unsquash-1.c | ||
24 | index acba821..7598499 100644 | ||
25 | --- a/squashfs-tools/unsquash-1.c | ||
26 | +++ b/squashfs-tools/unsquash-1.c | ||
27 | @@ -373,8 +373,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse | ||
28 | return dir; | ||
29 | |||
30 | corrupted: | ||
31 | - free(dir->dirs); | ||
32 | - free(dir); | ||
33 | + squashfs_closedir(dir); | ||
34 | return NULL; | ||
35 | } | ||
36 | |||
37 | diff --git a/squashfs-tools/unsquash-1234.c b/squashfs-tools/unsquash-1234.c | ||
38 | index c2d4f42..0c8dfbb 100644 | ||
39 | --- a/squashfs-tools/unsquash-1234.c | ||
40 | +++ b/squashfs-tools/unsquash-1234.c | ||
41 | @@ -25,8 +25,8 @@ | ||
42 | * unsquash-4. | ||
43 | */ | ||
44 | |||
45 | -#define TRUE 1 | ||
46 | -#define FALSE 0 | ||
47 | +#include "unsquashfs.h" | ||
48 | + | ||
49 | /* | ||
50 | * Check name for validity, name should not | ||
51 | * - be ".", "./", or | ||
52 | @@ -56,3 +56,10 @@ int check_name(char *name, int size) | ||
53 | |||
54 | return TRUE; | ||
55 | } | ||
56 | + | ||
57 | + | ||
58 | +void squashfs_closedir(struct dir *dir) | ||
59 | +{ | ||
60 | + free(dir->dirs); | ||
61 | + free(dir); | ||
62 | +} | ||
63 | diff --git a/squashfs-tools/unsquash-2.c b/squashfs-tools/unsquash-2.c | ||
64 | index 0746b3d..86f62ba 100644 | ||
65 | --- a/squashfs-tools/unsquash-2.c | ||
66 | +++ b/squashfs-tools/unsquash-2.c | ||
67 | @@ -465,8 +465,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse | ||
68 | return dir; | ||
69 | |||
70 | corrupted: | ||
71 | - free(dir->dirs); | ||
72 | - free(dir); | ||
73 | + squashfs_closedir(dir); | ||
74 | return NULL; | ||
75 | } | ||
76 | |||
77 | diff --git a/squashfs-tools/unsquash-3.c b/squashfs-tools/unsquash-3.c | ||
78 | index 094caaa..c04aa9e 100644 | ||
79 | --- a/squashfs-tools/unsquash-3.c | ||
80 | +++ b/squashfs-tools/unsquash-3.c | ||
81 | @@ -499,8 +499,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse | ||
82 | return dir; | ||
83 | |||
84 | corrupted: | ||
85 | - free(dir->dirs); | ||
86 | - free(dir); | ||
87 | + squashfs_closedir(dir); | ||
88 | return NULL; | ||
89 | } | ||
90 | |||
91 | diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c | ||
92 | index 3a1b9e1..ff62dcc 100644 | ||
93 | --- a/squashfs-tools/unsquash-4.c | ||
94 | +++ b/squashfs-tools/unsquash-4.c | ||
95 | @@ -436,8 +436,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse | ||
96 | return dir; | ||
97 | |||
98 | corrupted: | ||
99 | - free(dir->dirs); | ||
100 | - free(dir); | ||
101 | + squashfs_closedir(dir); | ||
102 | return NULL; | ||
103 | } | ||
104 | |||
105 | diff --git a/squashfs-tools/unsquashfs.c b/squashfs-tools/unsquashfs.c | ||
106 | index 7b590bd..04be53c 100644 | ||
107 | --- a/squashfs-tools/unsquashfs.c | ||
108 | +++ b/squashfs-tools/unsquashfs.c | ||
109 | @@ -1350,13 +1350,6 @@ unsigned int *offset, unsigned int *type) | ||
110 | } | ||
111 | |||
112 | |||
113 | -void squashfs_closedir(struct dir *dir) | ||
114 | -{ | ||
115 | - free(dir->dirs); | ||
116 | - free(dir); | ||
117 | -} | ||
118 | - | ||
119 | - | ||
120 | char *get_component(char *target, char **targname) | ||
121 | { | ||
122 | char *start; | ||
123 | diff --git a/squashfs-tools/unsquashfs.h b/squashfs-tools/unsquashfs.h | ||
124 | index 2e9201c..5ecb2ab 100644 | ||
125 | --- a/squashfs-tools/unsquashfs.h | ||
126 | +++ b/squashfs-tools/unsquashfs.h | ||
127 | @@ -291,4 +291,5 @@ extern long long *alloc_index_table(int); | ||
128 | |||
129 | /* unsquash-1234.c */ | ||
130 | extern int check_name(char *, int); | ||
131 | +extern void squashfs_closedir(struct dir *); | ||
132 | #endif | ||
133 | -- | ||
134 | 2.17.1 | ||
135 | |||