diff options
author | Thiruvadi Rajaraman <trajaraman@mvista.com> | 2017-09-04 13:59:36 +0530 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-01-07 17:10:07 +0000 |
commit | 24a6fa61841c1f2de621b7cf41585300a69f9951 (patch) | |
tree | ce5342b79cb3da60d1b4b30cfbfdadc3353160e9 | |
parent | f85b35f63ac606ef455413f2315551509cb7a0e7 (diff) | |
download | poky-24a6fa61841c1f2de621b7cf41585300a69f9951.tar.gz |
binutils: CVE-2017-7225
Source: git://sourceware.org/git/binutils-gdb.git
MR: 74296
Type: Security Fix
Disposition: Backport from binutils-2_29-branch
ChangeID: d2cf3ab15c89351c941c92e4cdf28c2bfa9dcda8
Description:
Fix seg-fault running addr2line on a corrupt binary.
PR binutils/20891
* aoutx.h (find_nearest_line): Handle the case where the main file
name and the directory name are both empty.
Affects: <= 2.29
Author: Nick Clifton <nickc@redhat.com>
(From OE-Core rev: ba01ee6899c8d36e6469f6d02d40866fb0502af9)
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.27.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-7225.patch | 66 |
2 files changed, 67 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc index 82b9be774f..4833552ca9 100644 --- a/meta/recipes-devtools/binutils/binutils-2.27.inc +++ b/meta/recipes-devtools/binutils/binutils-2.27.inc | |||
@@ -61,6 +61,7 @@ SRC_URI = "\ | |||
61 | file://CVE-2017-12450_12452_12453_12454_12456.patch \ | 61 | file://CVE-2017-12450_12452_12453_12454_12456.patch \ |
62 | file://CVE-2017-7223.patch \ | 62 | file://CVE-2017-7223.patch \ |
63 | file://CVE-2017-7224.patch \ | 63 | file://CVE-2017-7224.patch \ |
64 | file://CVE-2017-7225.patch \ | ||
64 | " | 65 | " |
65 | S = "${WORKDIR}/git" | 66 | S = "${WORKDIR}/git" |
66 | 67 | ||
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7225.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7225.patch new file mode 100644 index 0000000000..699905a4d0 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7225.patch | |||
@@ -0,0 +1,66 @@ | |||
1 | commit 50455f1ab2935f7321215dfa681745c9b1cb5b19 | ||
2 | Author: Nick Clifton <nickc@redhat.com> | ||
3 | Date: Thu Dec 1 10:15:07 2016 +0000 | ||
4 | |||
5 | Fix seg-fault running addr2line on a corrupt binary. | ||
6 | |||
7 | PR binutils/20891 | ||
8 | * aoutx.h (find_nearest_line): Handle the case where the main file | ||
9 | name and the directory name are both empty. | ||
10 | |||
11 | Upstream-Status: backport | ||
12 | |||
13 | CVE: CVE-2017-7225 | ||
14 | Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> | ||
15 | |||
16 | Index: git/bfd/ChangeLog | ||
17 | =================================================================== | ||
18 | --- git.orig/bfd/ChangeLog 2017-09-04 13:04:20.941485636 +0530 | ||
19 | +++ git/bfd/ChangeLog 2017-09-04 13:08:05.003175703 +0530 | ||
20 | @@ -120,6 +120,12 @@ | ||
21 | * peicode.h (pe_ILF_object_p): Use strnlen to avoid running over | ||
22 | the end of the string buffer. | ||
23 | |||
24 | +2016-12-01 Nick Clifton <nickc@redhat.com> | ||
25 | + | ||
26 | + PR binutils/20891 | ||
27 | + * aoutx.h (find_nearest_line): Handle the case where the main file | ||
28 | + name and the directory name are both empty. | ||
29 | + | ||
30 | PR binutils/20892 | ||
31 | * aoutx.h (find_nearest_line): Handle the case where the function | ||
32 | name is empty. | ||
33 | Index: git/bfd/aoutx.h | ||
34 | =================================================================== | ||
35 | --- git.orig/bfd/aoutx.h 2017-09-04 13:04:20.941485636 +0530 | ||
36 | +++ git/bfd/aoutx.h 2017-09-04 13:10:55.856441243 +0530 | ||
37 | @@ -2663,7 +2663,7 @@ | ||
38 | char *buf; | ||
39 | |||
40 | *filename_ptr = abfd->filename; | ||
41 | - *functionname_ptr = 0; | ||
42 | + *functionname_ptr = NULL; | ||
43 | *line_ptr = 0; | ||
44 | if (disriminator_ptr) | ||
45 | *disriminator_ptr = 0; | ||
46 | @@ -2808,9 +2808,17 @@ | ||
47 | *filename_ptr = main_file_name; | ||
48 | else | ||
49 | { | ||
50 | - sprintf (buf, "%s%s", directory_name, main_file_name); | ||
51 | - *filename_ptr = buf; | ||
52 | - buf += filelen + 1; | ||
53 | + if (buf == NULL) | ||
54 | + /* PR binutils/20891: In a corrupt input file both | ||
55 | + main_file_name and directory_name can be empty... */ | ||
56 | + * filename_ptr = NULL; | ||
57 | + else | ||
58 | + { | ||
59 | + snprintf (buf, filelen + 1, "%s%s", directory_name, | ||
60 | + main_file_name); | ||
61 | + *filename_ptr = buf; | ||
62 | + buf += filelen + 1; | ||
63 | + } | ||
64 | } | ||
65 | } | ||
66 | |||