diff options
| author | Armin Kuster <akuster808@gmail.com> | 2017-11-26 13:27:38 -0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-12-11 22:02:58 +0000 |
| commit | ffdcca938be9356b009a0c0daf012603164a8e92 (patch) | |
| tree | 38fb8d47cf4468bfa753d1f5e7c639c61b972447 | |
| parent | 5d2f47f2a205919a036c556349630e608b75e762 (diff) | |
| download | poky-ffdcca938be9356b009a0c0daf012603164a8e92.tar.gz | |
binutils: Security fix CVE-2017-8421
Affects: <= 2.28
(From OE-Core rev: 7442e97d451047e5f8ed2e23f5898837a7d572a7)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.28.inc | 1 | ||||
| -rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch | 52 |
2 files changed, 53 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc b/meta/recipes-devtools/binutils/binutils-2.28.inc index d58d7b86cc..5b6270a7c2 100644 --- a/meta/recipes-devtools/binutils/binutils-2.28.inc +++ b/meta/recipes-devtools/binutils/binutils-2.28.inc | |||
| @@ -50,6 +50,7 @@ SRC_URI = "\ | |||
| 50 | file://CVE-2017-8395.patch \ | 50 | file://CVE-2017-8395.patch \ |
| 51 | file://CVE-2017-8396_8397.patch \ | 51 | file://CVE-2017-8396_8397.patch \ |
| 52 | file://CVE-2017-8398.patch \ | 52 | file://CVE-2017-8398.patch \ |
| 53 | file://CVE-2017-8421.patch \ | ||
| 53 | " | 54 | " |
| 54 | S = "${WORKDIR}/git" | 55 | S = "${WORKDIR}/git" |
| 55 | 56 | ||
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch new file mode 100644 index 0000000000..7969c66f30 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch | |||
| @@ -0,0 +1,52 @@ | |||
| 1 | From 39ff1b79f687b65f4144ddb379f22587003443fb Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Nick Clifton <nickc@redhat.com> | ||
| 3 | Date: Tue, 2 May 2017 11:54:53 +0100 | ||
| 4 | Subject: [PATCH] Prevent memory exhaustion from a corrupt PE binary with an | ||
| 5 | overlarge number of relocs. | ||
| 6 | |||
| 7 | PR 21440 | ||
| 8 | * objdump.c (dump_relocs_in_section): Check for an excessive | ||
| 9 | number of relocs before attempting to dump them. | ||
| 10 | |||
| 11 | Upstream-Status: Backport | ||
| 12 | CVE: CVE-2017-8421 | ||
| 13 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
| 14 | |||
| 15 | --- | ||
| 16 | binutils/ChangeLog | 6 ++++++ | ||
| 17 | binutils/objdump.c | 8 ++++++++ | ||
| 18 | 2 files changed, 14 insertions(+) | ||
| 19 | |||
| 20 | Index: git/binutils/objdump.c | ||
| 21 | =================================================================== | ||
| 22 | --- git.orig/binutils/objdump.c | ||
| 23 | +++ git/binutils/objdump.c | ||
| 24 | @@ -3311,6 +3311,14 @@ dump_relocs_in_section (bfd *abfd, | ||
| 25 | return; | ||
| 26 | } | ||
| 27 | |||
| 28 | + if ((bfd_get_file_flags (abfd) & (BFD_IN_MEMORY | BFD_LINKER_CREATED)) == 0 | ||
| 29 | + && relsize > get_file_size (bfd_get_filename (abfd))) | ||
| 30 | + { | ||
| 31 | + printf (" (too many: 0x%x)\n", section->reloc_count); | ||
| 32 | + bfd_set_error (bfd_error_file_truncated); | ||
| 33 | + bfd_fatal (bfd_get_filename (abfd)); | ||
| 34 | + } | ||
| 35 | + | ||
| 36 | relpp = (arelent **) xmalloc (relsize); | ||
| 37 | relcount = bfd_canonicalize_reloc (abfd, section, relpp, syms); | ||
| 38 | |||
| 39 | Index: git/binutils/ChangeLog | ||
| 40 | =================================================================== | ||
| 41 | --- git.orig/binutils/ChangeLog | ||
| 42 | +++ git/binutils/ChangeLog | ||
| 43 | @@ -1,3 +1,9 @@ | ||
| 44 | +2017-05-02 Nick Clifton <nickc@redhat.com> | ||
| 45 | + | ||
| 46 | + PR 21440 | ||
| 47 | + * objdump.c (dump_relocs_in_section): Check for an excessive | ||
| 48 | + number of relocs before attempting to dump them. | ||
| 49 | + | ||
| 50 | 2017-04-28 Nick Clifton <nickc@redhat.com> | ||
| 51 | |||
| 52 | PR binutils/21438 | ||