mirror of
https://git.yoctoproject.org/poky
synced 2026-05-04 13:39:49 +02:00
d552f85037
This patch mitigates the vulnerability identified via CVE-2019-14196. The previous patch was bypassed/ineffective, and now the vulnerability is identified via CVE-2022-30767. The patch removes the sanity check introduced to mitigate CVE-2019-14196 since it's ineffective. filefh3_length is changed to unsigned type integer, preventing negative numbers from being used during comparison with positive values during size sanity checks. (From OE-Core rev: b7072637ba110718714745a01d67e1b6b0096165) Signed-off-by: Carlos Dominguez <carlos.dominguez@windriver.com> Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>