All of lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [git commit] package/lz4: add upstream security fix for CVE-2021-3520
@ 2021-05-23 11:45 Yann E. MORIN
  0 siblings, 0 replies; only message in thread
From: Yann E. MORIN @ 2021-05-23 11:45 UTC (permalink / raw)
  To: buildroot

commit: https://git.buildroot.net/buildroot/commit/?id=ecb55c43cea48445fec74b0c9758431bcb1a54f0
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master

Fixes a potential memory corruption with negative memmove() size.  For
details, see (NVD not yet updated):

https://security-tracker.debian.org/tracker/CVE-2021-3520

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
---
 ...al-memory-corruption-with-negative-memmov.patch | 26 ++++++++++++++++++++++
 package/lz4/lz4.mk                                 |  3 +++
 2 files changed, 29 insertions(+)

diff --git a/package/lz4/0001-Fix-potential-memory-corruption-with-negative-memmov.patch b/package/lz4/0001-Fix-potential-memory-corruption-with-negative-memmov.patch
new file mode 100644
index 0000000000..57e4e38f84
--- /dev/null
+++ b/package/lz4/0001-Fix-potential-memory-corruption-with-negative-memmov.patch
@@ -0,0 +1,26 @@
+From 8301a21773ef61656225e264f4f06ae14462bca7 Mon Sep 17 00:00:00 2001
+From: Jasper Lievisse Adriaanse <j@jasper.la>
+Date: Fri, 26 Feb 2021 15:21:20 +0100
+Subject: [PATCH] Fix potential memory corruption with negative memmove() size
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ lib/lz4.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/lz4.c b/lib/lz4.c
+index 5f524d0..c2f504e 100644
+--- a/lib/lz4.c
++++ b/lib/lz4.c
+@@ -1749,7 +1749,7 @@ LZ4_decompress_generic(
+                  const size_t dictSize         /* note : = 0 if noDict */
+                  )
+ {
+-    if (src == NULL) { return -1; }
++    if ((src == NULL) || (outputSize < 0)) { return -1; }
+ 
+     {   const BYTE* ip = (const BYTE*) src;
+         const BYTE* const iend = ip + srcSize;
+-- 
+2.20.1
+
diff --git a/package/lz4/lz4.mk b/package/lz4/lz4.mk
index e0236c05b1..9b9b6198c3 100644
--- a/package/lz4/lz4.mk
+++ b/package/lz4/lz4.mk
@@ -17,6 +17,9 @@ LZ4_CPE_ID_VENDOR = yann_collet
 # See https://github.com/lz4/lz4/issues/818
 LZ4_IGNORE_CVES += CVE-2014-4715
 
+# 0001-Fix-potential-memory-corruption-with-negative-memmov.patch
+LZ4_IGNORE_CVES += CVE-2021-3520
+
 ifeq ($(BR2_STATIC_LIBS),y)
 LZ4_MAKE_OPTS += BUILD_SHARED=no
 else ifeq ($(BR2_SHARED_LIBS),y)

^ permalink raw reply related	[flat|nested] only message in thread
only message in thread, other threads:[~2021-05-23 11:45 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-23 11:45 [Buildroot] [git commit] package/lz4: add upstream security fix for CVE-2021-3520 Yann E. MORIN

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.