diff options
author | Armin Kuster <akuster@mvista.com> | 2018-08-07 16:06:49 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-08-15 10:22:45 +0100 |
commit | 7d51055f445c6f91454fe3b05174ec1d6020e896 (patch) | |
tree | 766a440e606614ccc5875a8f1862c1c24cff3028 | |
parent | 2720b93220c957069c4d2f99b66b13c38e963104 (diff) | |
download | poky-7d51055f445c6f91454fe3b05174ec1d6020e896.tar.gz |
binutls: Security fix for CVE-2017-16830
Affects: <= 2.29.1
(From OE-Core rev: 29c6da2092599145e5a4f00ccc6029f31ec724da)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.29.1.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-16830.patch | 91 |
2 files changed, 92 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.29.1.inc b/meta/recipes-devtools/binutils/binutils-2.29.1.inc index 7966cc3248..4191482929 100644 --- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc +++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc | |||
@@ -57,6 +57,7 @@ SRC_URI = "\ | |||
57 | file://CVE-2017-16828_p1.patch \ | 57 | file://CVE-2017-16828_p1.patch \ |
58 | file://CVE-2017-16828_p2.patch \ | 58 | file://CVE-2017-16828_p2.patch \ |
59 | file://CVE-2017-16829.patch \ | 59 | file://CVE-2017-16829.patch \ |
60 | file://CVE-2017-16830.patch \ | ||
60 | " | 61 | " |
61 | S = "${WORKDIR}/git" | 62 | S = "${WORKDIR}/git" |
62 | 63 | ||
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16830.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16830.patch new file mode 100644 index 0000000000..1382c8e3e7 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16830.patch | |||
@@ -0,0 +1,91 @@ | |||
1 | From 6ab2c4ed51f9c4243691755e1b1d2149c6a426f4 Mon Sep 17 00:00:00 2001 | ||
2 | From: Mingi Cho <mgcho.minic@gmail.com> | ||
3 | Date: Thu, 2 Nov 2017 17:01:08 +0000 | ||
4 | Subject: [PATCH] Work around integer overflows when readelf is checking for | ||
5 | corrupt ELF notes when run on a 32-bit host. | ||
6 | |||
7 | PR 22384 | ||
8 | * readelf.c (print_gnu_property_note): Improve overflow checks so | ||
9 | that they will work on a 32-bit host. | ||
10 | |||
11 | Upstream-Status: Backport | ||
12 | Affects: <= 2.29.1 | ||
13 | CVE: CVE-2017-16830 | ||
14 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
15 | |||
16 | --- | ||
17 | binutils/ChangeLog | 6 ++++++ | ||
18 | binutils/readelf.c | 33 +++++++++++++++++---------------- | ||
19 | 2 files changed, 23 insertions(+), 16 deletions(-) | ||
20 | |||
21 | Index: git/binutils/readelf.c | ||
22 | =================================================================== | ||
23 | --- git.orig/binutils/readelf.c | ||
24 | +++ git/binutils/readelf.c | ||
25 | @@ -16431,15 +16431,24 @@ print_gnu_property_note (Elf_Internal_No | ||
26 | return; | ||
27 | } | ||
28 | |||
29 | - while (1) | ||
30 | + while (ptr < ptr_end) | ||
31 | { | ||
32 | unsigned int j; | ||
33 | - unsigned int type = byte_get (ptr, 4); | ||
34 | - unsigned int datasz = byte_get (ptr + 4, 4); | ||
35 | + unsigned int type; | ||
36 | + unsigned int datasz; | ||
37 | + | ||
38 | + if ((size_t) (ptr_end - ptr) < 8) | ||
39 | + { | ||
40 | + printf (_("<corrupt descsz: %#lx>\n"), pnote->descsz); | ||
41 | + break; | ||
42 | + } | ||
43 | + | ||
44 | + type = byte_get (ptr, 4); | ||
45 | + datasz = byte_get (ptr + 4, 4); | ||
46 | |||
47 | ptr += 8; | ||
48 | |||
49 | - if ((ptr + datasz) > ptr_end) | ||
50 | + if (datasz > (size_t) (ptr_end - ptr)) | ||
51 | { | ||
52 | printf (_("<corrupt type (%#x) datasz: %#x>\n"), | ||
53 | type, datasz); | ||
54 | @@ -16520,19 +16529,11 @@ next: | ||
55 | ptr += ((datasz + (size - 1)) & ~ (size - 1)); | ||
56 | if (ptr == ptr_end) | ||
57 | break; | ||
58 | - else | ||
59 | - { | ||
60 | - if (do_wide) | ||
61 | - printf (", "); | ||
62 | - else | ||
63 | - printf ("\n\t"); | ||
64 | - } | ||
65 | |||
66 | - if (ptr > (ptr_end - 8)) | ||
67 | - { | ||
68 | - printf (_("<corrupt descsz: %#lx>\n"), pnote->descsz); | ||
69 | - break; | ||
70 | - } | ||
71 | + if (do_wide) | ||
72 | + printf (", "); | ||
73 | + else | ||
74 | + printf ("\n\t"); | ||
75 | } | ||
76 | |||
77 | printf ("\n"); | ||
78 | Index: git/binutils/ChangeLog | ||
79 | =================================================================== | ||
80 | --- git.orig/binutils/ChangeLog | ||
81 | +++ git/binutils/ChangeLog | ||
82 | @@ -1,3 +1,9 @@ | ||
83 | +2017-11-02 Mingi Cho <mgcho.minic@gmail.com> | ||
84 | + | ||
85 | + PR 22384 | ||
86 | + * readelf.c (print_gnu_property_note): Improve overflow checks so | ||
87 | + that they will work on a 32-bit host. | ||
88 | + | ||
89 | 2017-10-05 Alan Modra <amodra@gmail.com> | ||
90 | |||
91 | PR 22239 | ||