code.ossystems Code Review - openembedded-core.git/commit
squashfs: fix for CVE-2012-4024
author: yanjun.zhu <yanjun.zhu@windriver.com>
Fri, 30 Nov 2012 11:41:23 +0000 (19:41 +0800)
committer: Scott Garman <scott.a.garman@intel.com>
Fri, 30 Nov 2012 22:51:10 +0000 (14:51 -0800)
commit: d35560f33f257bd12a07c7c0be770319086d6ad9
tree: b288ddc7d1b6cb7ba3f27100e8058b3001c783ad
parent: 42e03215cc494f1508b96c2bb63243a02e5ef812
squashfs: fix for CVE-2012-4024

Reference: http://squashfs.git.sourceforge.net/git/gitweb.cgi?p=squashfs/squashfs;a=commit;h=19c38fba0be1ce949ab44310d7f49887576cc123

Fix potential stack overflow in get_component() where an individual
pathname component in an extract file (specified on the command line
or in an extract file) could exceed the 1024 byte sized targname
allocated on the stack.

Fix by dynamically allocating targname rather than storing it as
a fixed size on the stack.

[YOCTO #3513]

Fixes denzil [YOCTO #3520]

Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
meta/recipes-devtools/squashfs-tools/patches/squashfs-4.2-fix-CVE-2012-4024.patch [new file with mode: 0644]
meta/recipes-devtools/squashfs-tools/squashfs-tools_4.2.bb
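
The fix described in the commit message (a heap buffer sized from the pathname component instead of a fixed 1024-byte stack array), as an added C illustration. It is not the squashfs-tools patch or code from this commit; the names `get_component_dyn` and `first_component_len` are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Unsafe pattern, shown only as a comment: copying a component byte by byte
 * into a fixed `char targname[1024]` on the stack with no length check
 * writes past the array once a component reaches 1024 bytes. */

/* Hardened form (hypothetical helper): size the buffer from the component.
 * Skips leading '/', copies the next pathname component into a heap buffer
 * stored in *targname (caller frees), and returns a pointer to the rest of
 * the path. Returns NULL and leaves *targname NULL on allocation failure. */
const char *get_component_dyn(const char *target, char **targname)
{
    const char *start;
    size_t len;

    while (*target == '/')
        target++;
    start = target;
    while (*target != '/' && *target != '\0')
        target++;
    len = (size_t)(target - start);

    *targname = malloc(len + 1);      /* +1 for the terminating NUL */
    if (*targname == NULL)
        return NULL;
    memcpy(*targname, start, len);
    (*targname)[len] = '\0';
    return target;
}

/* Hypothetical checker: length of the first component, or -1 on failure. */
long first_component_len(const char *path)
{
    char *name = NULL;
    long n;

    if (get_component_dyn(path, &name) == NULL)
        return -1;
    n = (long)strlen(name);
    free(name);
    return n;
}
```
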