code.ossystems Code Review - openembedded-core.git/commit
squashfs: fix for CVE-2012-4024
author yanjun.zhu <yanjun.zhu@windriver.com>
Fri, 30 Nov 2012 11:41:23 +0000 (19:41 +0800)
committer Ross Burton <ross.burton@intel.com>
Wed, 5 Dec 2012 12:51:55 +0000 (12:51 +0000)
commit a45ec682748b0d6e5bb21af04d205edb5ef1360e
tree 33efe76e1a710463daab6b26a0844e5d1b480fd3
parent a1ef9a5f647abfafd337b22b6353848962bcb00d
squashfs: fix for CVE-2012-4024

Reference: http://squashfs.git.sourceforge.net/git/gitweb.cgi?p=squashfs/squashfs;a=commit;h=19c38fba0be1ce949ab44310d7f49887576cc123

Fix potential stack overflow in get_component() where an individual
pathname component in an extract file (specified on the command line
or in an extract file) could exceed the 1024 byte sized targname
allocated on the stack.

Fix by dynamically allocating targname rather than storing it as
a fixed size on the stack.

[YOCTO #3513]

Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-devtools/squashfs-tools/patches/squashfs-4.2-fix-CVE-2012-4024.patch [new file with mode: 0644]
meta/recipes-devtools/squashfs-tools/squashfs-tools_4.2.bb
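
The bug class and fix described in the commit message, as an added illustration that is not the squashfs-tools source or the patch in this commit. The names component_fixed, component_alloc and TARGNAME_MAX are hypothetical, and the input in main is constructed; only the 1024-byte size comes from the message.

```c
#include <stdlib.h>
#include <string.h>

#define TARGNAME_MAX 1024 /* size of the on-stack buffer named in the commit message */

/* Unsafe pattern: copy with no length check, so a component of TARGNAME_MAX
 * bytes or more writes past the end of the caller's fixed-size array. */
const char *component_fixed(const char *path, char *name)
{
    while (*path == '/')
        path++;
    while (*path != '/' && *path != '\0')
        *name++ = *path++;
    *name = '\0';
    return path;
}

/* Hardened pattern: measure the component, then allocate len + 1 bytes.
 * Returns the unparsed remainder (NULL if malloc fails); caller frees *name. */
const char *component_alloc(const char *path, char **name)
{
    while (*path == '/')
        path++;
    const char *start = path;
    while (*path != '/' && *path != '\0')
        path++;
    size_t len = (size_t)(path - start);
    if ((*name = malloc(len + 1)) == NULL)
        return NULL;
    memcpy(*name, start, len);
    (*name)[len] = '\0';
    return path;
}

/* Constructed input: a 4096-byte component followed by "/tail". */
int main(void)
{
    size_t n = 4 * TARGNAME_MAX;
    char *path = malloc(n + 6), *name = NULL;
    int ok = 0;
    if (path != NULL) {
        memset(path, 'A', n);
        memcpy(path + n, "/tail", 6);
        ok = component_alloc(path, &name) != NULL && strlen(name) == n;
    }
    free(name);
    free(path);
    return ok ? 0 : 1;
}
```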