Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / 868407c65d79e82e83c37f7c32bef9a2e2bc4cd5 / . / poky / meta / recipes-bsp / u-boot / files / 0003-CVE-2019-13105.patch
blob: f525147e570299e46da2817566cf1de9073b015c [file] [log] [blame]
Brad Bishop00e122a2019-10-05 11:10:57 -0400[diff] [blame]1From 4e937d0de669ee69cf41c20494cbf66c339c3174 Mon Sep 17 00:00:00 2001
2From: Paul Emge <paulemge@forallsecure.com>
3Date: Mon, 8 Jul 2019 16:37:04 -0700
4Subject: [PATCH 3/9] CVE-2019-13105: ext4: fix double-free in ext4_cache_read
5
6ext_cache_read doesn't null cache->buf, after freeing, which results
7in a later function double-freeing it. This patch fixes
8ext_cache_read to call ext_cache_fini instead of free.
9
10Signed-off-by: Paul Emge <paulemge@forallsecure.com>
11
12Upstream-Status: Backport[http://git.denx.de/?p=u-boot.git;a=commit;
13 h=6e5a79de658cb1c8012c86e0837379aa6eabd024]
14
15CVE: CVE-2019-13105
16
17Signed-off-by: Meng Li <Meng.Li@windriver.com>
18---
19 fs/ext4/ext4fs.c | 2 +-
20 1 file changed, 1 insertion(+), 1 deletion(-)
21
22diff --git a/fs/ext4/ext4fs.c b/fs/ext4/ext4fs.c
23index c8c8655ed8..e2b740cac4 100644
24--- a/fs/ext4/ext4fs.c
25+++ b/fs/ext4/ext4fs.c
26@@ -288,7 +288,7 @@ int ext_cache_read(struct ext_block_cache *cache, lbaint_t block, int size)
27 if (!cache->buf)
28 return 0;
29 if (!ext4fs_devread(block, 0, size, cache->buf)) {
30- free(cache->buf);
31+ ext_cache_fini(cache);
32 return 0;
33 }
34 cache->block = block;
35--
362.17.1
37