summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorYuanjie Huang <yuanjie.huang@windriver.com>2017-05-25 19:40:40 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-06-05 23:30:22 +0100
commite28778ee72e4c6508f630edeb963a4666a770165 (patch)
tree58ec59ce04ed47a2270521a861ae6aa80ee5f1e6
parent7d7ac87831a4be45c9038ac2035582de0c1887d8 (diff)
downloadpoky-e28778ee72e4c6508f630edeb963a4666a770165.tar.gz
binutils: fix CVE-2017-7209 in readelf
CVE: CVE-2017-7209 [BZ 21135] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21135 PR binutils/21135: Fix invalid read of section contents whilst processing a corrupt binary. (From OE-Core rev: 2df642ca0a1e4a4e6616729018cf32d2108cabb2) (From OE-Core rev: b262000162cb4e18421dd85bf5216c9fa3bdbf15) Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-devtools/binutils/binutils-2.28.inc1
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-7209.patch62
2 files changed, 63 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc b/meta/recipes-devtools/binutils/binutils-2.28.inc
index 75eca32b24..ed571b39e8 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -41,6 +41,7 @@ SRC_URI = "\
41 file://0018-PR-21409-segfault-in-_bfd_dwarf2_find_nearest_line.patch \ 41 file://0018-PR-21409-segfault-in-_bfd_dwarf2_find_nearest_line.patch \
42 file://CVE-2017-6969.patch \ 42 file://CVE-2017-6969.patch \
43 file://CVE-2017-6969_2.patch \ 43 file://CVE-2017-6969_2.patch \
44 file://CVE-2017-7209.patch \
44" 45"
45S = "${WORKDIR}/git" 46S = "${WORKDIR}/git"
46 47
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7209.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7209.patch
new file mode 100644
index 0000000000..2357a12836
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7209.patch
@@ -0,0 +1,62 @@
1From b2706ceadac7239e7b02d43f05100fc6538b0d65 Mon Sep 17 00:00:00 2001
2From: Nick Clifton <nickc@redhat.com>
3Date: Mon, 13 Feb 2017 15:04:37 +0000
4Subject: Fix invalid read of section contents whilst processing a corrupt binary.
5
6 PR binutils/21135
7 * readelf.c (dump_section_as_bytes): Handle the case where
8 uncompress_section_contents returns false.
9
10CVE: CVE-2017-7209
11Upstream-Status: Backport[master]
12
13Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
14---
15 binutils/ChangeLog | 6 ++++++
16 binutils/readelf.c | 16 ++++++++++++----
17 2 files changed, 18 insertions(+), 4 deletions(-)
18
19diff --git a/binutils/ChangeLog b/binutils/ChangeLog
20index 53352c1801..cf92744c12 100644
21--- a/binutils/ChangeLog
22+++ b/binutils/ChangeLog
23@@ -1,3 +1,9 @@
24+2017-02-13 Nick Clifton <nickc@redhat.com>
25+
26+ PR binutils/21135
27+ * readelf.c (dump_section_as_bytes): Handle the case where
28+ uncompress_section_contents returns false.
29+
30 2017-02-20 Nick Clifton <nickc@redhat.com>
31
32 PR binutils/21156
33diff --git a/binutils/readelf.c b/binutils/readelf.c
34index 4960491c5c..f0e7b080e8 100644
35--- a/binutils/readelf.c
36+++ b/binutils/readelf.c
37@@ -12803,10 +12803,18 @@ dump_section_as_bytes (Elf_Internal_Shdr * section,
38 new_size -= 12;
39 }
40
41- if (uncompressed_size
42- && uncompress_section_contents (& start, uncompressed_size,
43- & new_size))
44- section_size = new_size;
45+ if (uncompressed_size)
46+ {
47+ if (uncompress_section_contents (& start, uncompressed_size,
48+ & new_size))
49+ section_size = new_size;
50+ else
51+ {
52+ error (_("Unable to decompress section %s\n"),
53+ printable_section_name (section));
54+ return;
55+ }
56+ }
57 }
58
59 if (relocate)
60--
612.11.0
62