diff options
author | Dave Cobbley <david.j.cobbley@linux.intel.com> | 2018-08-14 10:05:37 -0700 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-08-22 21:26:31 -0400 |
commit | eb8dc40360f0cfef56fb6947cc817a547d6d9bc6 (patch) | |
tree | de291a73dc37168da6370e2cf16c347d1eba9df8 /poky/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch | |
parent | 9c3cf826d853102535ead04cebc2d6023eff3032 (diff) | |
download | talos-openbmc-eb8dc40360f0cfef56fb6947cc817a547d6d9bc6.tar.gz talos-openbmc-eb8dc40360f0cfef56fb6947cc817a547d6d9bc6.zip |
[Subtree] Removing import-layers directory
As part of the move to subtrees, need to bring all the import layers
content to the top level.
Change-Id: I4a163d10898cbc6e11c27f776f60e1a470049d8f
Signed-off-by: Dave Cobbley <david.j.cobbley@linux.intel.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'poky/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch')
-rw-r--r-- | poky/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/poky/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch b/poky/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch new file mode 100644 index 000000000..0e497cc65 --- /dev/null +++ b/poky/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch @@ -0,0 +1,53 @@ +From: sms +Subject: Fix CVE-2014-8139: CRC32 verification heap-based overflow +Bug-Debian: http://bugs.debian.org/773722 + +The patch comes from unzip_6.0-8+deb7u2.debian.tar.gz + +Upstream-Status: Backport +CVE: CVE-2014-8139 + +Signed-off-by: Roy Li <rongqing.li@windriver.com> + +--- a/extract.c ++++ b/extract.c +@@ -298,6 +298,8 @@ + #ifndef SFX + static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \ + EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n"; ++ static ZCONST char Far TooSmallEBlength[] = "bad extra-field entry:\n \ ++ EF block length (%u bytes) invalid (< %d)\n"; + static ZCONST char Far InvalidComprDataEAs[] = + " invalid compressed data for EAs\n"; + # if (defined(WIN32) && defined(NTSD_EAS)) +@@ -2023,7 +2025,8 @@ + ebID = makeword(ef); + ebLen = (unsigned)makeword(ef+EB_LEN); + +- if (ebLen > (ef_len - EB_HEADSIZE)) { ++ if (ebLen > (ef_len - EB_HEADSIZE)) ++ { + /* Discovered some extra field inconsistency! */ + if (uO.qflag) + Info(slide, 1, ((char *)slide, "%-22s ", +@@ -2158,11 +2161,19 @@ + } + break; + case EF_PKVMS: +- if (makelong(ef+EB_HEADSIZE) != ++ if (ebLen < 4) ++ { ++ Info(slide, 1, ++ ((char *)slide, LoadFarString(TooSmallEBlength), ++ ebLen, 4)); ++ } ++ else if (makelong(ef+EB_HEADSIZE) != + crc32(CRCVAL_INITIAL, ef+(EB_HEADSIZE+4), + (extent)(ebLen-4))) ++ { + Info(slide, 1, ((char *)slide, + LoadFarString(BadCRC_EAs))); ++ } + break; + case EF_PKW32: + case EF_PKUNIX: |