diff options
| author | yanjun.zhu <yanjun.zhu@windriver.com> | 2012-11-30 19:41:23 +0800 | 
|---|---|---|
| committer | Ross Burton <ross.burton@intel.com> | 2012-12-05 12:51:55 +0000 | 
| commit | a45ec682748b0d6e5bb21af04d205edb5ef1360e (patch) | |
| tree | 33efe76e1a710463daab6b26a0844e5d1b480fd3 /meta/classes | |
| parent | a1ef9a5f647abfafd337b22b6353848962bcb00d (diff) | |
| download | openembedded-core-a45ec682748b0d6e5bb21af04d205edb5ef1360e.tar.gz openembedded-core-a45ec682748b0d6e5bb21af04d205edb5ef1360e.tar.bz2 openembedded-core-a45ec682748b0d6e5bb21af04d205edb5ef1360e.zip | |
squashfs: fix for CVE-2012-4024
Reference:http://squashfs.git.sourceforge.net/git/gitweb.cgi?p=
squashfs/squashfs;a=commit;h=19c38fba0be1ce949ab44310d7f49887576cc123
Fix potential stack overflow in get_component() where an individual
pathname component in an extract file (specified on the command line
or in an extract file) could exceed the 1024 byte sized targname
allocated on the stack.
Fix by dynamically allocating targname rather than storing it as
a fixed size on the stack.
[YOCTO #3513]
Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes')
0 files changed, 0 insertions, 0 deletions
