diff options
Diffstat (limited to 'meta/recipes-devtools/file/file/CVE-2019-8906.patch')
-rw-r--r-- | meta/recipes-devtools/file/file/CVE-2019-8906.patch | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/meta/recipes-devtools/file/file/CVE-2019-8906.patch b/meta/recipes-devtools/file/file/CVE-2019-8906.patch new file mode 100644 index 0000000000..1079ac6675 --- /dev/null +++ b/meta/recipes-devtools/file/file/CVE-2019-8906.patch | |||
@@ -0,0 +1,27 @@ | |||
1 | From 2858eaf99f6cc5aae129bcbf1e24ad160240185f Mon Sep 17 00:00:00 2001 | ||
2 | From: Christos Zoulas <christos@zoulas.com> | ||
3 | Date: Wed, 2 Jan 2019 19:44:14 +0000 | ||
4 | Subject: [PATCH] Avoid OOB read (found by ASAN reported by F. Alonso) | ||
5 | |||
6 | Upstream-Status: Backport | ||
7 | CVE: CVE-2019-8906 | ||
8 | Affects < 5.36 | ||
9 | [Fixup for thud context] | ||
10 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
11 | --- | ||
12 | src/readelf.c | 4 ++-- | ||
13 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
14 | |||
15 | Index: git/src/readelf.c | ||
16 | =================================================================== | ||
17 | --- git.orig/src/readelf.c | ||
18 | +++ git/src/readelf.c | ||
19 | @@ -745,7 +745,7 @@ do_core_note(struct magic_set *ms, unsig | ||
20 | char sbuf[512]; | ||
21 | struct NetBSD_elfcore_procinfo pi; | ||
22 | memset(&pi, 0, sizeof(pi)); | ||
23 | - memcpy(&pi, nbuf + doff, descsz); | ||
24 | + memcpy(&pi, nbuf + doff, MIN(descsz, sizeof(pi))); | ||
25 | |||
26 | if (file_printf(ms, ", from '%.31s', pid=%u, uid=%u, " | ||
27 | "gid=%u, nlwps=%u, lwp=%u (signal %u/code %u)", | ||