diff options
| author | Armin Kuster <akuster@mvista.com> | 2021-08-26 17:03:09 -0700 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-09-08 23:47:30 +0100 |
| commit | 2a01b629de38101f0a285e2d325a8cbaa0a01c53 (patch) | |
| tree | ba6a97120de573f5233eed868644494ce3f515fe | |
| parent | 043cb19a0d5db16dffd6a821034d5abeee2ad943 (diff) | |
| download | poky-2a01b629de38101f0a285e2d325a8cbaa0a01c53.tar.gz | |
lz4: Security Fix for CVE-2021-3520
Source: https://github.com/lz4/lz4
MR: 111604
Type: Security Fix
Disposition: Backport from https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7#diff-7055e9cf14c488aea9837aaf9f528b58ee3c22988d7d0d81d172ec62d94a88a7
ChangeID: 58492f950164e75954a97cf084df6f9af3d88244
Description:
(From OE-Core rev: 00acbc19a48e2b03c910ff5dc62e51eda32bdf03)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-support/lz4/files/CVE-2021-3520.patch | 27 | ||||
| -rw-r--r-- | meta/recipes-support/lz4/lz4_1.9.2.bb | 1 |
2 files changed, 28 insertions, 0 deletions
diff --git a/meta/recipes-support/lz4/files/CVE-2021-3520.patch b/meta/recipes-support/lz4/files/CVE-2021-3520.patch new file mode 100644 index 0000000000..5ac8f6691f --- /dev/null +++ b/meta/recipes-support/lz4/files/CVE-2021-3520.patch | |||
| @@ -0,0 +1,27 @@ | |||
| 1 | From 8301a21773ef61656225e264f4f06ae14462bca7 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Jasper Lievisse Adriaanse <j@jasper.la> | ||
| 3 | Date: Fri, 26 Feb 2021 15:21:20 +0100 | ||
| 4 | Subject: [PATCH] Fix potential memory corruption with negative memmove() size | ||
| 5 | |||
| 6 | Upstream-Status: Backport | ||
| 7 | https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7#diff-7055e9cf14c488aea9837aaf9f528b58ee3c22988d7d0d81d172ec62d94a88a7 | ||
| 8 | CVE: CVE-2021-3520 | ||
| 9 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
| 10 | |||
| 11 | --- | ||
| 12 | lib/lz4.c | 2 +- | ||
| 13 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 14 | |||
| 15 | Index: git/lib/lz4.c | ||
| 16 | =================================================================== | ||
| 17 | --- git.orig/lib/lz4.c | ||
| 18 | +++ git/lib/lz4.c | ||
| 19 | @@ -1665,7 +1665,7 @@ LZ4_decompress_generic( | ||
| 20 | const size_t dictSize /* note : = 0 if noDict */ | ||
| 21 | ) | ||
| 22 | { | ||
| 23 | - if (src == NULL) { return -1; } | ||
| 24 | + if ((src == NULL) || (outputSize < 0)) { return -1; } | ||
| 25 | |||
| 26 | { const BYTE* ip = (const BYTE*) src; | ||
| 27 | const BYTE* const iend = ip + srcSize; | ||
diff --git a/meta/recipes-support/lz4/lz4_1.9.2.bb b/meta/recipes-support/lz4/lz4_1.9.2.bb index 20719fcc58..546bed39b0 100644 --- a/meta/recipes-support/lz4/lz4_1.9.2.bb +++ b/meta/recipes-support/lz4/lz4_1.9.2.bb | |||
| @@ -14,6 +14,7 @@ SRCREV = "fdf2ef5809ca875c454510610764d9125ef2ebbd" | |||
| 14 | 14 | ||
| 15 | SRC_URI = "git://github.com/lz4/lz4.git;branch=dev \ | 15 | SRC_URI = "git://github.com/lz4/lz4.git;branch=dev \ |
| 16 | file://run-ptest \ | 16 | file://run-ptest \ |
| 17 | file://CVE-2021-3520.patch \ | ||
| 17 | " | 18 | " |
| 18 | UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>.*)" | 19 | UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>.*)" |
| 19 | 20 | ||