binutils : Fix CVE-2023-1972

Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57] (From OE-Core rev: d46891efa23932a048f7cc4d82c6387e03262f76) Signed-off-by: Deepthi Hemraj <deepadeepthi98@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Deepthi Hemraj <deepadeepthi98@gmail.com> 2023-05-04 17:31:09 +0530
committer: Steve Sakoman <steve@sakoman.com> 2023-05-10 04:19:56 -1000
commit: 2396bda0797e9e89646882fe5a60fea9d6493c9b (patch)
tree: b824e70e988ec72008cbeca03784b96256727b78
parent: 2d215bee875f35705fb7dd146c29e5143aac0bb2 (diff)
download: poky-2396bda0797e9e89646882fe5a60fea9d6493c9b.tar.gz
2 files changed, 42 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc
index 408b503644..1ea17990c8 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -54,5 +54,6 @@ SRC_URI = "\
     file://0022-CVE-2023-25584-2.patch \
     file://0022-CVE-2023-25584-3.patch \
     file://0023-CVE-2023-25585.patch \
+     file://0026-CVE-2023-1972.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0026-CVE-2023-1972.patch b/meta/recipes-devtools/binutils/binutils/0026-CVE-2023-1972.patch
new file mode 100644
index 0000000000..f86adad217
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0026-CVE-2023-1972.patch
@@ -0,0 +1,41 @@
+From: Nick Clifton <nickc@redhat.com>
+Date: Thu, 30 Mar 2023 09:10:09 +0000 (+0100)
+Subject: Fix an illegal memory access when an accessing a zer0-lengthverdef table.
+X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57
+Fix an illegal memory access when an accessing a zer0-lengthverdef table.
+  PR 30285
+  * elf.c (_bfd_elf_slurp_version_tables): Fail if no version definitions are allocated.
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57]
+CVE: CVE-2023-1972
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+---
+diff --git a/bfd/elf.c b/bfd/elf.c
+index 027d0143735..185028cbd97 100644
+--- a/bfd/elf.c
+++ b/bfd/elf.c
+@@ -9030,6 +9030,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver)
+          bfd_set_error (bfd_error_file_too_big);
+          goto error_return_verdef;
+        }
+
+      if (amt == 0)
+       goto error_return_verdef;
+       elf_tdata (abfd)->verdef = (Elf_Internal_Verdef *) bfd_zalloc (abfd, amt);
+       if (elf_tdata (abfd)->verdef == NULL)
+        goto error_return_verdef;
+@@ -9133,6 +9136,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver)
+          bfd_set_error (bfd_error_file_too_big);
+          goto error_return;
+        }
+      if (amt == 0)
+       goto error_return;
+       elf_tdata (abfd)->verdef = (Elf_Internal_Verdef *) bfd_zalloc (abfd, amt);
+       if (elf_tdata (abfd)->verdef == NULL)
+        goto error_return;
author	Deepthi Hemraj <deepadeepthi98@gmail.com>	2023-05-04 17:31:09 +0530
committer	Steve Sakoman <steve@sakoman.com>	2023-05-10 04:19:56 -1000
commit	2396bda0797e9e89646882fe5a60fea9d6493c9b (patch)
tree	b824e70e988ec72008cbeca03784b96256727b78
parent	2d215bee875f35705fb7dd146c29e5143aac0bb2 (diff)
download	poky-2396bda0797e9e89646882fe5a60fea9d6493c9b.tar.gz

diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc index 408b503644..1ea17990c8 100644 --- a/meta/recipes-devtools/binutils/binutils-2.38.inc +++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -54,5 +54,6 @@ SRC_URI = "\
54	file://0022-CVE-2023-25584-2.patch \	54	file://0022-CVE-2023-25584-2.patch \
55	file://0022-CVE-2023-25584-3.patch \	55	file://0022-CVE-2023-25584-3.patch \
56	file://0023-CVE-2023-25585.patch \	56	file://0023-CVE-2023-25585.patch \
		57	file://0026-CVE-2023-1972.patch \
57	"	58	"
58	S = "${WORKDIR}/git"	59	S = "${WORKDIR}/git"


diff --git a/meta/recipes-devtools/binutils/binutils/0026-CVE-2023-1972.patch b/meta/recipes-devtools/binutils/binutils/0026-CVE-2023-1972.patch new file mode 100644 index 0000000000..f86adad217 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0026-CVE-2023-1972.patch
@@ -0,0 +1,41 @@
		1	From: Nick Clifton <nickc@redhat.com>
		2	Date: Thu, 30 Mar 2023 09:10:09 +0000 (+0100)
		3	Subject: Fix an illegal memory access when an accessing a zer0-lengthverdef table.
		4	X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57
		5
		6	Fix an illegal memory access when an accessing a zer0-lengthverdef table.
		7
		8	PR 30285
		9	* elf.c (_bfd_elf_slurp_version_tables): Fail if no version definitions are allocated.
		10
		11	Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57]
		12
		13	CVE: CVE-2023-1972
		14
		15	Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
		16
		17	---
		18
		19	diff --git a/bfd/elf.c b/bfd/elf.c
		20	index 027d0143735..185028cbd97 100644
		21	--- a/bfd/elf.c
		22	+++ b/bfd/elf.c
		23	@@ -9030,6 +9030,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver)
		24	bfd_set_error (bfd_error_file_too_big);
		25	goto error_return_verdef;
		26	}
		27	+
		28	+ if (amt == 0)
		29	+ goto error_return_verdef;
		30	elf_tdata (abfd)->verdef = (Elf_Internal_Verdef *) bfd_zalloc (abfd, amt);
		31	if (elf_tdata (abfd)->verdef == NULL)
		32	goto error_return_verdef;
		33	@@ -9133,6 +9136,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver)
		34	bfd_set_error (bfd_error_file_too_big);
		35	goto error_return;
		36	}
		37	+ if (amt == 0)
		38	+ goto error_return;
		39	elf_tdata (abfd)->verdef = (Elf_Internal_Verdef *) bfd_zalloc (abfd, amt);
		40	if (elf_tdata (abfd)->verdef == NULL)
		41	goto error_return;