[U-Boot] [PATCH 4/5] ext4: gracefully fail on divide-by-0

This patch checks for 0 in several ext4 headers and gracefully fails instead of raising a divide-by-0 exception. Signed-off-by: Paul Emge --- fs/ext4/ext4_common.c | 12 1 file changed, 12 insertions(+) diff --git a/fs/ext4/ext4_common.c b/fs/ext4/ext4_common.c index 464c33d0d7

[U-Boot] [PATCH 5/5] CVE-2019-13106: ext4: fix out-of-bounds memset

In ext4fs_read_file in ext4fs.c, a memset can overwrite the bounds of the destination memory region. This patch adds a check to disallow this. Signed-off-by: Paul Emge --- fs/ext4/ext4fs.c | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/fs/ext4/ext4fs.c b/fs/ext4

[U-Boot] [PATCH 3/5] CVE-2019-13104: ext4: check for underflow in ext4fs_read_file

in ext4fs_read_file, it is possible for a broken/malicious file system to cause a memcpy of a negative number of bytes, which overflows all memory. This patch fixes the issue by checking for a negative length. Signed-off-by: Paul Emge --- fs/ext4/ext4fs.c | 8 +--- 1 file changed, 5

[U-Boot] [PATCH 2/5] CVE-2019-13105: ext4: fix double-free in ext4_cache_read

ext_cache_read doesn't null cache->buf, after freeing, which results in a later function double-freeing it. This patch fixes ext_cache_read to call ext_cache_fini instead of free. Signed-off-by: Paul Emge --- fs/ext4/ext4fs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff

[U-Boot] [PATCH 1/5] CVE-2019-13103: disk: stop infinite recursion in DOS Partitions

part_get_info_extended and print_partition_extended can recurse infinitely while parsing a self-referential filesystem or one with a silly number of extended partitions. This patch adds a limit to the number of recursive partitions. Signed-off-by: Paul Emge --- disk/part_dos.c | 18