projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b1e4404) | patch
package/blktrace: fix CVE-2018-10689
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Sun, 1 Mar 2020 17:45:29 +0000 (18:45 +0100)
committerYann E. MORIN <yann.morin.1998@free.fr>
Sun, 1 Mar 2020 17:53:42 +0000 (18:53 +0100)
commit8c0ecc91b57f8f53b57b3646b61d0ff60a8054b7
treef63c64f241eb38515a9d96dd7eed300c015aa72ftree
parentb1e4404c047f87e8c1e5321d9f01b8620e983ca2commit | diff
package/blktrace: fix CVE-2018-10689

blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and
Android, has a buffer overflow in the dev_map_read function in
btt/devmap.c because the device and devno arrays are too small, as
demonstrated by an invalid free when using the btt program with a
crafted file.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
package/blktrace/0001-btt-make-device-devno-use-PATH_MAX-to-avoid-overflow.patch [new file with mode: 0644] blob
package/blktrace/blktrace.mk diff | blob | history