[U-Boot] [PATCH 3/5] CVE-2019-13104: ext4: check for underflow in ext4fs_read_file

Tom Rini trini at konsulko.com
Thu Jul 18 23:59:07 UTC 2019


On Mon, Jul 08, 2019 at 04:37:05PM -0700, Paul Emge wrote:

> in ext4fs_read_file, it is possible for a broken/malicious file
> system to cause a memcpy of a negative number of bytes, which
> overflows all memory. This patch fixes the issue by checking for
> a negative length.
> 
> Signed-off-by: Paul Emge <paulemge at forallsecure.com>

Applied to u-boot/master, thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20190718/5e1ab59c/attachment.sig>


More information about the U-Boot mailing list