binutils: fix CVE-2019-14250 CVE-2019-14444

(From OE-Core rev: 41579d569738a23b80d4599fd6ec082488c6cfee) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Anuj Mittal <anuj.mittal@intel.com> 2019-08-19 21:47:08 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-09-30 16:44:42 +0100
commit: b3f4f862a76293ddb0310400777686c9424a6784 (patch)
tree: 9ef37a6425e9bdb62b01405093463059109367d9
parent: 6438f794f6196b3c68eb23ce381a40973ef292c1 (diff)
download: poky-b3f4f862a76293ddb0310400777686c9424a6784.tar.gz
3 files changed, 63 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.32.inc b/meta/recipes-devtools/binutils/binutils-2.32.inc
index 31c24a37f5..d3c52936d1 100644
--- a/meta/recipes-devtools/binutils/binutils-2.32.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.32.inc
@@ -50,6 +50,8 @@ SRC_URI = "\
     file://CVE-2019-9077.patch \
     file://CVE-2019-9071.patch \
     file://CVE-2019-12972.patch \
+     file://CVE-2019-14250.patch \
+     file://CVE-2019-14444.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-14250.patch b/meta/recipes-devtools/binutils/binutils/CVE-2019-14250.patch
new file mode 100644
index 0000000000..c915a832b0
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-14250.patch
@@ -0,0 +1,33 @@
+From df78be05daf4eb07f60f50ec1080cb979af32ec0 Mon Sep 17 00:00:00 2001
+From: marxin <marxin@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Tue, 23 Jul 2019 07:33:32 +0000
+Subject: [PATCH] libiberty: Check zero value shstrndx in simple-object-elf.c
+git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@273718 138bc75d-0d04-0410-961f-82ee72b054a4
+CVE: CVE-2019-14250
+Upstream-Status: Backport [from gcc: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=273718]
+[Removed Changelog entry]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+diff --git a/libiberty/simple-object-elf.c b/libiberty/simple-object-elf.c
+index 502388991a08..bdee963634d6 100644
+--- a/libiberty/simple-object-elf.c
+++ b/libiberty/simple-object-elf.c
+@@ -548,7 +548,15 @@ simple_object_elf_match (unsigned char header[SIMPLE_OBJECT_MATCH_HEADER_LEN],
+       XDELETE (eor);
+       return NULL;
+     }
+-
+  
+  if (eor->shstrndx == 0)
+    {
+      *errmsg = "invalid ELF shstrndx == 0";
+      *err = 0;
+      XDELETE (eor);
+      return NULL;
+    }
+  
+   return (void *) eor;
+ }
+ 
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-14444.patch b/meta/recipes-devtools/binutils/binutils/CVE-2019-14444.patch
new file mode 100644
index 0000000000..85b9a9f916
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-14444.patch
@@ -0,0 +1,28 @@
+From e17869db99195849826eaaf5d2d0eb2cfdd7a2a7 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 5 Aug 2019 10:40:35 +0100
+Subject: [PATCH] Catch potential integer overflow in readelf when processing
+ corrupt binaries.
+        PR 24829
+        * readelf.c (apply_relocations): Catch potential integer overflow
+        whilst checking reloc location against section size.
+CVE: CVE-2019-14444
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e17869db99195849826eaaf5d2d0eb2cfdd7a2a7]
+[Removed Changelog entry]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+diff --git a/binutils/readelf.c b/binutils/readelf.c
+index b896ad9f406..e785fde43e7 100644
+--- a/binutils/readelf.c
+++ b/binutils/readelf.c
+@@ -13366,7 +13366,7 @@ apply_relocations (Filedata *                 filedata,
+            }
+ 
+          rloc = start + rp->r_offset;
+-         if ((rloc + reloc_size) > end || (rloc < start))
+         if (rloc >= end || (rloc + reloc_size) > end || (rloc < start))
+            {
+              warn (_("skipping invalid relocation offset 0x%lx in section %s\n"),
+                    (unsigned long) rp->r_offset,
author	Anuj Mittal <anuj.mittal@intel.com>	2019-08-19 21:47:08 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2019-09-30 16:44:42 +0100
commit	b3f4f862a76293ddb0310400777686c9424a6784 (patch)
tree	9ef37a6425e9bdb62b01405093463059109367d9
parent	6438f794f6196b3c68eb23ce381a40973ef292c1 (diff)
download	poky-b3f4f862a76293ddb0310400777686c9424a6784.tar.gz

diff --git a/meta/recipes-devtools/binutils/binutils-2.32.inc b/meta/recipes-devtools/binutils/binutils-2.32.inc index 31c24a37f5..d3c52936d1 100644 --- a/meta/recipes-devtools/binutils/binutils-2.32.inc +++ b/meta/recipes-devtools/binutils/binutils-2.32.inc
@@ -50,6 +50,8 @@ SRC_URI = "\
50	file://CVE-2019-9077.patch \	50	file://CVE-2019-9077.patch \
51	file://CVE-2019-9071.patch \	51	file://CVE-2019-9071.patch \
52	file://CVE-2019-12972.patch \	52	file://CVE-2019-12972.patch \
		53	file://CVE-2019-14250.patch \
		54	file://CVE-2019-14444.patch \
53	"	55	"
54	S = "${WORKDIR}/git"	56	S = "${WORKDIR}/git"
55		57


diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-14250.patch b/meta/recipes-devtools/binutils/binutils/CVE-2019-14250.patch new file mode 100644 index 0000000000..c915a832b0 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-14250.patch
@@ -0,0 +1,33 @@
		1	From df78be05daf4eb07f60f50ec1080cb979af32ec0 Mon Sep 17 00:00:00 2001
		2	From: marxin <marxin@138bc75d-0d04-0410-961f-82ee72b054a4>
		3	Date: Tue, 23 Jul 2019 07:33:32 +0000
		4	Subject: [PATCH] libiberty: Check zero value shstrndx in simple-object-elf.c
		5
		6	git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@273718 138bc75d-0d04-0410-961f-82ee72b054a4
		7
		8	CVE: CVE-2019-14250
		9	Upstream-Status: Backport [from gcc: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=273718]
		10	[Removed Changelog entry]
		11	Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
		12	---
		13	diff --git a/libiberty/simple-object-elf.c b/libiberty/simple-object-elf.c
		14	index 502388991a08..bdee963634d6 100644
		15	--- a/libiberty/simple-object-elf.c
		16	+++ b/libiberty/simple-object-elf.c
		17	@@ -548,7 +548,15 @@ simple_object_elf_match (unsigned char header[SIMPLE_OBJECT_MATCH_HEADER_LEN],
		18	XDELETE (eor);
		19	return NULL;
		20	}
		21	-
		22	+
		23	+ if (eor->shstrndx == 0)
		24	+ {
		25	+ *errmsg = "invalid ELF shstrndx == 0";
		26	+ *err = 0;
		27	+ XDELETE (eor);
		28	+ return NULL;
		29	+ }
		30	+
		31	return (void *) eor;
		32	}
		33


diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-14444.patch b/meta/recipes-devtools/binutils/binutils/CVE-2019-14444.patch new file mode 100644 index 0000000000..85b9a9f916 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-14444.patch
@@ -0,0 +1,28 @@
		1	From e17869db99195849826eaaf5d2d0eb2cfdd7a2a7 Mon Sep 17 00:00:00 2001
		2	From: Nick Clifton <nickc@redhat.com>
		3	Date: Mon, 5 Aug 2019 10:40:35 +0100
		4	Subject: [PATCH] Catch potential integer overflow in readelf when processing
		5	corrupt binaries.
		6
		7	PR 24829
		8	* readelf.c (apply_relocations): Catch potential integer overflow
		9	whilst checking reloc location against section size.
		10
		11	CVE: CVE-2019-14444
		12	Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e17869db99195849826eaaf5d2d0eb2cfdd7a2a7]
		13	[Removed Changelog entry]
		14	Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
		15	---
		16	diff --git a/binutils/readelf.c b/binutils/readelf.c
		17	index b896ad9f406..e785fde43e7 100644
		18	--- a/binutils/readelf.c
		19	+++ b/binutils/readelf.c
		20	@@ -13366,7 +13366,7 @@ apply_relocations (Filedata * filedata,
		21	}
		22
		23	rloc = start + rp->r_offset;
		24	- if ((rloc + reloc_size) > end \|\| (rloc < start))
		25	+ if (rloc >= end \|\| (rloc + reloc_size) > end \|\| (rloc < start))
		26	{
		27	warn (_("skipping invalid relocation offset 0x%lx in section %s\n"),
		28	(unsigned long) rp->r_offset,