mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-31 12:52:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

busybox: CVE-2017-15874

Browse Source 
* CVE-2017-15874
busybox: Integer underflow in archival/libarchive/decompress_unlzma.c

(cherry picked from 9ac42c500586fa5f10a1f6d22c3f797df11b1f6b)

Affects busybox <= 1.27.2

CVE: CVE-2017-15874
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15874
(From OE-Core rev: c35a0355a3561cd17703ece3a66c3389ceb224bf)

Signed-off-by: Sinan Kaya <okaya@kernel.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Sinan Kaya
2018-09-22 02:16:48 +00:00
committed by Richard Purdie
parent af42d0cae4
commit d39e43f17f
2 changed files with 31 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
meta/recipes-core/busybox/busybox/CVE-2017-15874.patch Normal file
View File

@@ -0,0 +1,30 @@
From e75c01bb3249df16201b482b79bb24bec3b58188 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <vda.linux@googlemail.com>
Date: Fri, 27 Oct 2017 15:37:03 +0200
Subject: [PATCH] unlzma: fix SEGV, closes 10436
Upstream-Status: Backport [ https://git.busybox.net/busybox/commit/?id=9ac42c500586fa5f10a1f6d22c3f797df11b1f6b]
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Signed-off-by: Sinan Kaya <okaya@kernel.org>
---
archival/libarchive/decompress_unlzma.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/archival/libarchive/decompress_unlzma.c b/archival/libarchive/decompress_unlzma.c
index 29eee2a..41e492f 100644
--- a/archival/libarchive/decompress_unlzma.c
+++ b/archival/libarchive/decompress_unlzma.c
@@ -353,6 +353,10 @@ unpack_lzma_stream(transformer_state_t *xstate)
pos = buffer_pos - rep0;
if ((int32_t)pos < 0) {
pos += header.dict_size;
+ /* bug 10436 has an example file where this triggers: */
+ if ((int32_t)pos < 0)
+ goto bad;
+
/* see unzip_bad_lzma_2.zip: */
if (pos >= buffer_size)
goto bad;
--
2.19.0

1
meta/recipes-core/busybox/busybox_1.27.2.bb
View File

@@ -47,6 +47,7 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
file://busybox-CVE-2017-16544.patch \
file://busybox-fix-lzma-segfaults.patch \
file://umount-ignore-c.patch \
file://CVE-2017-15874.patch \
"
SRC_URI_append_libc-musl = " file://musl.cfg "