[klibc] cpio: Fix possible integer overflow on 32-bit systems
Origin: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=
9b1c91577aef7f2e72c3aa11a27749160bd278ff
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-31872
The maximum name and file sizes in the "new" header format are 32-bit
unsigned values. However, the I/O functions mostly use long for sizes
and offsets, so that sizes >= 2^31 are handled wrongly on 32-bit
systems.
The current GNU cpio code doesn't seem to have this problem, but the
divergence between this version and that is large enough that I can't
simply cherry-pick a fix for it.
As a short-term fix, in read_in_new_ascii(), fail if c_namesize or
c_filesize is > LONG_MAX.
CVE-2021-31872
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Name 0039-klibc-cpio-Fix-possible-integer-overflow-on-32-bit-s.patch
projects / klibc.git / commit