Wind River Support Network

HomeDefectsLIN1018-8471
Fixed

LIN1018-8471 : cpio regression due to CVE-2021-38185

Created: Dec 10, 2021    Updated: Mar 25, 2022
Resolved Date: Dec 24, 2021
Found In Version: 10.18.44.24
Fix Version: 10.18.44.25
Severity: Standard
Applicable for: Wind River Linux LTS 18
Component/s: Userspace

Description

With the CVE-2021-38185 fix applied, cpio no longer accepts an "output
path" longer than 127 characters.

[https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992098]

Steps to Reproduce

cd $(mktemp -d) ; touch foo ; echo foo | cpio -pd $(python3 -c
'print("A" * 128)')

If the "output" path is > 127 characters, cpio will simply stall.
Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube