mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-18 21:11:08 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #773 from kinvolk/dongsu/bsdiff-CVE-2020-14315

Browse Source 
dev-util/bsdiff: fix heap overflow vulnerability CVE-2020-14315
This commit is contained in:
Dongsu Park 2021-01-13 08:58:18 +01:00 committed by GitHub
commit e1a95462f8
2 changed files with 25 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sdk_container/src/third_party/coreos-overlay/dev-util/bsdiff/bsdiff-4.3-r7.ebuild → sdk_container/src/third_party/coreos-overlay/dev-util/bsdiff/bsdiff-4.3-r8.ebuild vendored
View File

@ -18,8 +18,10 @@ RDEPEND="app-arch/bzip2"
PATCHES=( PATCHES=(
"${FILESDIR}/${P}-CVE-2014-9862.patch" "${FILESDIR}/${P}-CVE-2014-9862.patch"
# Flatcar: Apply patch to change suffix sort to sais-lite # Flatcar: Apply patch to change suffix sort to sais-lite, and
# to fix heap overflow vulnerability CVE-2020-14315.
"${FILESDIR}/${PV}_bsdiff-convert-to-sais-lite-suffix-sort.patch" "${FILESDIR}/${PV}_bsdiff-convert-to-sais-lite-suffix-sort.patch"
"${FILESDIR}/${P}-CVE-2020-14315.patch"
) )
src_compile() { src_compile() {

22
sdk_container/src/third_party/coreos-overlay/dev-util/bsdiff/files/bsdiff-4.3-CVE-2020-14315.patch vendored Normal file
View File

@ -0,0 +1,22 @@
--- a/bspatch.c 2021-01-11 15:53:32.642707355 +0100
+++ b/bspatch.c 2021-01-11 16:00:14.704637769 +0100
@@ -35,6 +35,7 @@
#include <err.h>
#include <unistd.h>
#include <fcntl.h>
+#include <limits.h>
static off_t offtin(u_char *buf)
{
@@ -152,8 +153,9 @@
};
/* Sanity-check */
- if ((ctrl[0] < 0) || (ctrl[1] < 0))
- errx(1,"Corrupt patch\n");
+ if (ctrl[0] < 0 || ctrl[0] > INT_MAX ||
+ ctrl[1] < 0 || ctrl[1] > INT_MAX)
+ errx(1, "Corrupt patch\n");
/* Sanity-check */
if(newpos+ctrl[0]>newsize)