binutls: Security fix for CVE-2017-14938

Affects: <= 2.29.1 (From OE-Core rev: 45de3690367c8e0adf443a2f2630ecf8791789d6) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster@mvista.com> 2018-08-06 14:16:09 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-08-15 10:22:45 +0100
commit: b38088da6a8685d934c772fe864d16e952c0c0b9 (patch)
tree: 565426dec761a38729267af21fca3caa3af623a4
parent: 6e01f789947809c3039ea5ff9bdff05d1142cd25 (diff)
download: poky-b38088da6a8685d934c772fe864d16e952c0c0b9.tar.gz
2 files changed, 65 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.29.1.inc b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
index 1962f5c303..c7c755fcb3 100644
--- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
@@ -41,6 +41,7 @@ SRC_URI = "\
     file://CVE-2017-14933_p1.patch \
     file://CVE-2017-14933_p2.patch \
     file://CVE-2017-14934.patch \
+     file://CVE-2017-14938.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14938.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14938.patch
new file mode 100644
index 0000000000..e62c73c06d
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14938.patch
@@ -0,0 +1,64 @@
+From bd61e135492ecf624880e6b78e5fcde3c9716df6 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sun, 24 Sep 2017 14:34:57 +0930
+Subject: [PATCH] PR22166, SHT_GNU_verneed memory allocation
+The sanity check covers the previous minimim size, plus that the size
+is at least enough for sh_info verneed entries.
+Also, since we write all verneed fields or exit with an error, there
+isn't any need to zero the memory allocated for verneed entries.
+        PR 22166
+        * elf.c (_bfd_elf_slurp_version_tables): Test sh_info on
+        SHT_GNU_verneed section for sanity.  Don't zalloc memory for
+        verref.
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-14938
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ bfd/ChangeLog | 7 +++++++
+ bfd/elf.c     | 5 +++--
+ 2 files changed, 10 insertions(+), 2 deletions(-)
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c
+++ git/bfd/elf.c
+@@ -8198,7 +8198,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd
+ 
+       hdr = &elf_tdata (abfd)->dynverref_hdr;
+ 
+-      if (hdr->sh_info == 0 || hdr->sh_size < sizeof (Elf_External_Verneed))
+      if (hdr->sh_info == 0
+         || hdr->sh_info > hdr->sh_size / sizeof (Elf_External_Verneed))
+        {
+ error_return_bad_verref:
+          _bfd_error_handler
+@@ -8219,7 +8220,7 @@ error_return_verref:
+        goto error_return_verref;
+ 
+       elf_tdata (abfd)->verref = (Elf_Internal_Verneed *)
+-       bfd_zalloc2 (abfd, hdr->sh_info, sizeof (Elf_Internal_Verneed));
+       bfd_alloc2 (abfd, hdr->sh_info, sizeof (Elf_Internal_Verneed));
+ 
+       if (elf_tdata (abfd)->verref == NULL)
+        goto error_return_verref;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
+++ git/bfd/ChangeLog
+@@ -1,3 +1,10 @@
+2017-09-24  Alan Modra  <amodra@gmail.com>
+
+       PR 22166
+       * elf.c (_bfd_elf_slurp_version_tables): Test sh_info on
+       SHT_GNU_verneed section for sanity.  Don't zalloc memory for
+       verref.
+
+ 2017-09-26  Alan Modra  <amodra@gmail.com>
+ 
+        PR 22210
author	Armin Kuster <akuster@mvista.com>	2018-08-06 14:16:09 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-08-15 10:22:45 +0100
commit	b38088da6a8685d934c772fe864d16e952c0c0b9 (patch)
tree	565426dec761a38729267af21fca3caa3af623a4
parent	6e01f789947809c3039ea5ff9bdff05d1142cd25 (diff)
download	poky-b38088da6a8685d934c772fe864d16e952c0c0b9.tar.gz

diff --git a/meta/recipes-devtools/binutils/binutils-2.29.1.inc b/meta/recipes-devtools/binutils/binutils-2.29.1.inc index 1962f5c303..c7c755fcb3 100644 --- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc +++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
@@ -41,6 +41,7 @@ SRC_URI = "\
41	file://CVE-2017-14933_p1.patch \	41	file://CVE-2017-14933_p1.patch \
42	file://CVE-2017-14933_p2.patch \	42	file://CVE-2017-14933_p2.patch \
43	file://CVE-2017-14934.patch \	43	file://CVE-2017-14934.patch \
		44	file://CVE-2017-14938.patch \
44	"	45	"
45	S = "${WORKDIR}/git"	46	S = "${WORKDIR}/git"
46		47


diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14938.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14938.patch new file mode 100644 index 0000000000..e62c73c06d --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14938.patch
@@ -0,0 +1,64 @@
		1	From bd61e135492ecf624880e6b78e5fcde3c9716df6 Mon Sep 17 00:00:00 2001
		2	From: Alan Modra <amodra@gmail.com>
		3	Date: Sun, 24 Sep 2017 14:34:57 +0930
		4	Subject: [PATCH] PR22166, SHT_GNU_verneed memory allocation
		5
		6	The sanity check covers the previous minimim size, plus that the size
		7	is at least enough for sh_info verneed entries.
		8
		9	Also, since we write all verneed fields or exit with an error, there
		10	isn't any need to zero the memory allocated for verneed entries.
		11
		12	PR 22166
		13	* elf.c (_bfd_elf_slurp_version_tables): Test sh_info on
		14	SHT_GNU_verneed section for sanity. Don't zalloc memory for
		15	verref.
		16
		17	Upstream-Status: Backport
		18	Affects: <= 2.29.1
		19	CVE: CVE-2017-14938
		20	Signed-off-by: Armin Kuster <akuster@mvista.com>
		21
		22	---
		23	bfd/ChangeLog \| 7 +++++++
		24	bfd/elf.c \| 5 +++--
		25	2 files changed, 10 insertions(+), 2 deletions(-)
		26
		27	Index: git/bfd/elf.c
		28	===================================================================
		29	--- git.orig/bfd/elf.c
		30	+++ git/bfd/elf.c
		31	@@ -8198,7 +8198,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd
		32
		33	hdr = &elf_tdata (abfd)->dynverref_hdr;
		34
		35	- if (hdr->sh_info == 0 \|\| hdr->sh_size < sizeof (Elf_External_Verneed))
		36	+ if (hdr->sh_info == 0
		37	+ \|\| hdr->sh_info > hdr->sh_size / sizeof (Elf_External_Verneed))
		38	{
		39	error_return_bad_verref:
		40	_bfd_error_handler
		41	@@ -8219,7 +8220,7 @@ error_return_verref:
		42	goto error_return_verref;
		43
		44	elf_tdata (abfd)->verref = (Elf_Internal_Verneed *)
		45	- bfd_zalloc2 (abfd, hdr->sh_info, sizeof (Elf_Internal_Verneed));
		46	+ bfd_alloc2 (abfd, hdr->sh_info, sizeof (Elf_Internal_Verneed));
		47
		48	if (elf_tdata (abfd)->verref == NULL)
		49	goto error_return_verref;
		50	Index: git/bfd/ChangeLog
		51	===================================================================
		52	--- git.orig/bfd/ChangeLog
		53	+++ git/bfd/ChangeLog
		54	@@ -1,3 +1,10 @@
		55	+2017-09-24 Alan Modra <amodra@gmail.com>
		56	+
		57	+ PR 22166
		58	+ * elf.c (_bfd_elf_slurp_version_tables): Test sh_info on
		59	+ SHT_GNU_verneed section for sanity. Don't zalloc memory for
		60	+ verref.
		61	+
		62	2017-09-26 Alan Modra <amodra@gmail.com>
		63
		64	PR 22210