code.ossystems Code Review - openembedded-core.git/commit
squashfs: fix for CVE-2012-4024
author yanjun.zhu <yanjun.zhu@windriver.com>
Fri, 30 Nov 2012 11:41:23 +0000 (19:41 +0800)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Mon, 3 Dec 2012 15:20:34 +0000 (15:20 +0000)
commit 972ea6c674e10cf23bedbbc581b78baa3f7c7b9b
tree d7bb3e01da4594f3bd3dfe0e32013a7df834debf
parent 844223c8485f4387d938981ff3dfa0e249040b53
squashfs: fix for CVE-2012-4024

Reference: http://squashfs.git.sourceforge.net/git/gitweb.cgi?p=squashfs/squashfs;a=commit;h=19c38fba0be1ce949ab44310d7f49887576cc123

Fix potential stack overflow in get_component() where an individual
pathname component in an extract file (specified on the command line
or in an extract file) could exceed the 1024 byte sized targname
allocated on the stack.

Fix by dynamically allocating targname rather than storing it as
a fixed size on the stack.

[YOCTO #3513]

Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-devtools/squashfs-tools/patches/squashfs-4.2-fix-CVE-2012-4024.patch [new file with mode: 0644]
meta/recipes-devtools/squashfs-tools/squashfs-tools_4.2.bb
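
The change the commit message describes, sketched as an added example (not code from the squashfs-tools patch or from this commit): an unbounded copy into a caller-supplied buffer beside a version that sizes the allocation from the component itself. The function names `component_fixed`, `component_alloc` and `demo_component_len`, and the constructed test path, are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Unbounded form, for contrast only (never called here): with a 1024-byte
 * stack buffer as targname, a longer component is written past its end. */
const char *component_fixed(const char *target, char *targname)
{
    while (*target == '/')
        target++;
    while (*target != '/' && *target != '\0')
        *targname++ = *target++;            /* no length check */
    *targname = '\0';
    return target;
}

/* Hardened form: measure the component, then allocate exactly len + 1 bytes.
 * Returns the unparsed remainder or NULL on allocation failure; caller frees. */
const char *component_alloc(const char *target, char **targname)
{
    while (*target == '/')
        target++;
    size_t len = strcspn(target, "/");      /* stops at '/' or the NUL */
    if ((*targname = malloc(len + 1)) == NULL)
        return NULL;
    memcpy(*targname, target, len);
    (*targname)[len] = '\0';
    return target + len;
}

/* Constructed input "/" + n bytes of 'A' + "/tail"; returns the component length or (size_t)-1. */
size_t demo_component_len(size_t n)
{
    char *path = malloc(n + 7), *name = NULL;
    size_t got = (size_t)-1;
    if (path == NULL)
        return got;
    path[0] = '/';
    memset(path + 1, 'A', n);
    memcpy(path + 1 + n, "/tail", 6);       /* 6 bytes: "/tail" plus the NUL */
    const char *rest = component_alloc(path, &name);
    if (rest != NULL && strcmp(rest, "/tail") == 0)
        got = strlen(name);
    free(name);
    free(path);
    return got;
}

int main(void) { return demo_component_len(4096) == 4096 ? 0 : 1; }
```

Building this with `-fsanitize=address` and calling `component_alloc` on components at and beyond 1024 bytes is a quick regression check for the bounded behaviour.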