diff mbox series

[meta-initramfs,kirkstone,02/10] klibc: patch CVE-2021-31871

Message ID 20251027141557.1893563-2-skandigraun@gmail.com
State New
Headers show
Series [meta-initramfs,kirkstone,01/10] klibc: patch CVE-2021-31870 | expand

Commit Message

Gyorgy Sarvari Oct. 27, 2025, 2:15 p.m. UTC 
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-31871

Pick the patch mentioned in the nvd report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../klibc/files/CVE-2021-31871.patch          | 34 +++++++++++++++++++
 .../recipes-devtools/klibc/klibc.inc          |  1 +
 2 files changed, 35 insertions(+)
 create mode 100644 meta-initramfs/recipes-devtools/klibc/files/CVE-2021-31871.patch
diff mbox series

Patch

diff --git a/meta-initramfs/recipes-devtools/klibc/files/CVE-2021-31871.patch b/meta-initramfs/recipes-devtools/klibc/files/CVE-2021-31871.patch
new file mode 100644
index 0000000000..c8c40ec931
--- /dev/null
+++ b/meta-initramfs/recipes-devtools/klibc/files/CVE-2021-31871.patch
@@ -0,0 +1,34 @@ 
+From db29a01c413fcaaa1095284dfe31582e97d35679 Mon Sep 17 00:00:00 2001
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Wed, 28 Apr 2021 19:46:47 +0200
+Subject: [PATCH] cpio: Fix possible crash on 64-bit systems
+
+copyin_link() tries to allocate (unsigned int)c_filesize + 1 bytes.
+If c_filesize == UINT_MAX, this works out as 0 bytes, resulting in a
+null pointer and a subsequent SIGSEGV.
+
+The previous commit made this impossible on 32-bit systems.
+
+CVE-2021-31871
+
+CVE: CVE-2021-31871
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=2e48a12ab1e30d43498c2d53e878a11a1b5102d5]
+
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+---
+ usr/utils/cpio.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/usr/utils/cpio.c b/usr/utils/cpio.c
+index cb61679..a13c876 100644
+--- a/usr/utils/cpio.c
++++ b/usr/utils/cpio.c
+@@ -831,7 +831,7 @@ static void copyin_link(struct new_cpio_header *file_hdr, int in_file_des)
+ 	char *link_name = NULL;	/* Name of hard and symbolic links.  */
+ 	int res;		/* Result of various function calls.  */
+ 
+-	link_name = (char *)xmalloc((unsigned int)file_hdr->c_filesize + 1);
++	link_name = (char *)xmalloc(file_hdr->c_filesize + 1);
+ 	link_name[file_hdr->c_filesize] = '\0';
+ 	tape_buffered_read(link_name, in_file_des, file_hdr->c_filesize);
+ 	tape_skip_padding(in_file_des, file_hdr->c_filesize);
diff --git a/meta-initramfs/recipes-devtools/klibc/klibc.inc b/meta-initramfs/recipes-devtools/klibc/klibc.inc
index dd22282b40..ccf4a56953 100644
--- a/meta-initramfs/recipes-devtools/klibc/klibc.inc
+++ b/meta-initramfs/recipes-devtools/klibc/klibc.inc
@@ -22,6 +22,7 @@  SRC_URI = "${KERNELORG_MIRROR}/linux/libs/klibc/2.0/klibc-${PV}.tar.xz \
            file://cross-clang.patch \
            file://0001-workaround-for-overlapping-sections-in-binary.patch \
            file://CVE-2021-31870.patch \
+           file://CVE-2021-31871.patch \
            "
 
 ARMPATCHES ?= ""