diff options
Diffstat (limited to 'meta/recipes-bsp/u-boot/files/0003-CVE-2019-13105.patch')
-rw-r--r-- | meta/recipes-bsp/u-boot/files/0003-CVE-2019-13105.patch | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/meta/recipes-bsp/u-boot/files/0003-CVE-2019-13105.patch b/meta/recipes-bsp/u-boot/files/0003-CVE-2019-13105.patch new file mode 100644 index 0000000000..f525147e57 --- /dev/null +++ b/meta/recipes-bsp/u-boot/files/0003-CVE-2019-13105.patch | |||
@@ -0,0 +1,37 @@ | |||
1 | From 4e937d0de669ee69cf41c20494cbf66c339c3174 Mon Sep 17 00:00:00 2001 | ||
2 | From: Paul Emge <paulemge@forallsecure.com> | ||
3 | Date: Mon, 8 Jul 2019 16:37:04 -0700 | ||
4 | Subject: [PATCH 3/9] CVE-2019-13105: ext4: fix double-free in ext4_cache_read | ||
5 | |||
6 | ext_cache_read doesn't null cache->buf, after freeing, which results | ||
7 | in a later function double-freeing it. This patch fixes | ||
8 | ext_cache_read to call ext_cache_fini instead of free. | ||
9 | |||
10 | Signed-off-by: Paul Emge <paulemge@forallsecure.com> | ||
11 | |||
12 | Upstream-Status: Backport[http://git.denx.de/?p=u-boot.git;a=commit; | ||
13 | h=6e5a79de658cb1c8012c86e0837379aa6eabd024] | ||
14 | |||
15 | CVE: CVE-2019-13105 | ||
16 | |||
17 | Signed-off-by: Meng Li <Meng.Li@windriver.com> | ||
18 | --- | ||
19 | fs/ext4/ext4fs.c | 2 +- | ||
20 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
21 | |||
22 | diff --git a/fs/ext4/ext4fs.c b/fs/ext4/ext4fs.c | ||
23 | index c8c8655ed8..e2b740cac4 100644 | ||
24 | --- a/fs/ext4/ext4fs.c | ||
25 | +++ b/fs/ext4/ext4fs.c | ||
26 | @@ -288,7 +288,7 @@ int ext_cache_read(struct ext_block_cache *cache, lbaint_t block, int size) | ||
27 | if (!cache->buf) | ||
28 | return 0; | ||
29 | if (!ext4fs_devread(block, 0, size, cache->buf)) { | ||
30 | - free(cache->buf); | ||
31 | + ext_cache_fini(cache); | ||
32 | return 0; | ||
33 | } | ||
34 | cache->block = block; | ||
35 | -- | ||
36 | 2.17.1 | ||
37 | |||