Wind River Support Network

HomeDefectsLIN1019-7557
Fixed

LIN1019-7557 : cpio regression due to CVE-2021-38185

Created: Dec 24, 2021    Updated: Apr 5, 2022
Resolved Date: Jan 29, 2022
Found In Version: 10.19.45.21
Fix Version: 10.19.45.22
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace

Description

With the CVE-2021-38185 fix applied, cpio no longer accepts an "output
path" longer than 127 characters.

[https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992098]

Steps to Reproduce

cd $(mktemp -d) ; touch foo ; echo foo | cpio -pd $(python3 -c
'print("A" * 128)')

If the "output" path is > 127 characters, cpio will simply stall.
Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube