aboutsummaryrefslogtreecommitdiffstats
path: root/target/linux/layerscape/armv8_64b
diff options
context:
space:
mode:
authorPetr Štetiar <ynezz@true.cz>2020-11-20 13:13:27 +0100
committerPetr Štetiar <ynezz@true.cz>2020-11-23 22:37:03 +0100
commit733a48273383e2337fcd7c0eb5ee8958f42dc4c0 (patch)
tree0b354b914885cc819a54e58e7cf6b4716759a2d6 /target/linux/layerscape/armv8_64b
parentc9c7b4b3945c01c2aadf3ef5d9a77c8200db80f1 (diff)
downloadupstream-733a48273383e2337fcd7c0eb5ee8958f42dc4c0.tar.gz
upstream-733a48273383e2337fcd7c0eb5ee8958f42dc4c0.tar.bz2
upstream-733a48273383e2337fcd7c0eb5ee8958f42dc4c0.zip
musl: handle wcsnrtombs destination buffer overflow (CVE-2020-28928)
The wcsnrtombs function in all musl libc versions up through 1.2.1 has been found to have multiple bugs in handling of destination buffer size when limiting the input character count, which can lead to infinite loop with no forward progress (no overflow) or writing past the end of the destination buffera. This function is not used internally in musl and is not widely used, but does appear in some applications. The non-input-limiting form wcsrtombs is not affected. All users of musl 1.2.1 and prior versions should apply the attached patch, which replaces the overly complex and erroneous implementation. The upcoming 1.2.2 release will adopt this new implementation. Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 4d4ef1058c0f10aa2fa4070cd6b9db4d48b94148)
Diffstat (limited to 'target/linux/layerscape/armv8_64b')
0 files changed, 0 insertions, 0 deletions