diff options
Diffstat (limited to 'meta/recipes-devtools/rpm/rpm/rpm-CVE-2014-8118.patch')
-rw-r--r-- | meta/recipes-devtools/rpm/rpm/rpm-CVE-2014-8118.patch | 44 |
1 files changed, 0 insertions, 44 deletions
diff --git a/meta/recipes-devtools/rpm/rpm/rpm-CVE-2014-8118.patch b/meta/recipes-devtools/rpm/rpm/rpm-CVE-2014-8118.patch deleted file mode 100644 index 985f150f0f..0000000000 --- a/meta/recipes-devtools/rpm/rpm/rpm-CVE-2014-8118.patch +++ /dev/null | |||
@@ -1,44 +0,0 @@ | |||
1 | From 71c812edf1431a9967bd99ba6ffa6ab89eb7ec7c Mon Sep 17 00:00:00 2001 | ||
2 | From: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> | ||
3 | Date: Wed, 10 Jun 2015 12:56:55 +0000 | ||
4 | Subject: [PATCH 1/2] rpm: CVE-2014-8118 | ||
5 | |||
6 | Upstream-Status: Backport | ||
7 | CVE: CVE-2014-8118 | ||
8 | |||
9 | Reference: | ||
10 | https://bugzilla.redhat.com/show_bug.cgi?id=1168715 | ||
11 | |||
12 | Description: | ||
13 | It was found that RPM could encounter an integer overflow, | ||
14 | leading to a stack-based overflow, while parsing a crafted | ||
15 | CPIO header in the payload section of an RPM file. This could | ||
16 | allow an attacker to modify signed RPM files in such a way that | ||
17 | they would execute code chosen by the attacker during package | ||
18 | installation. | ||
19 | |||
20 | Original Patch: | ||
21 | https://bugzilla.redhat.com/attachment.cgi?id=962159 | ||
22 | |||
23 | Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> | ||
24 | --- | ||
25 | lib/cpio.c | 3 +++ | ||
26 | 1 file changed, 3 insertions(+) | ||
27 | |||
28 | diff --git a/lib/cpio.c b/lib/cpio.c | ||
29 | index 382eeb6..74ddd9c 100644 | ||
30 | --- a/lib/cpio.c | ||
31 | +++ b/lib/cpio.c | ||
32 | @@ -296,6 +296,9 @@ int rpmcpioHeaderRead(rpmcpio_t cpio, char ** path, struct stat * st) | ||
33 | st->st_rdev = makedev(major, minor); | ||
34 | |||
35 | GET_NUM_FIELD(hdr.namesize, nameSize); | ||
36 | + if (nameSize <= 0 || nameSize > 4096) { | ||
37 | + return CPIOERR_BAD_HEADER; | ||
38 | + } | ||
39 | |||
40 | *path = xmalloc(nameSize + 1); | ||
41 | read = Fread(*path, nameSize, 1, cpio->fd); | ||
42 | -- | ||
43 | 1.8.4.5 | ||
44 | |||