diff options
author | Armin Kuster <akuster808@gmail.com> | 2017-11-26 13:32:10 -0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-12-11 22:02:58 +0000 |
commit | e963ce2d79b81d025aa144d6780638c73c0acf6b (patch) | |
tree | a08cb634079d3b695b990a0ac185372b93408132 | |
parent | 7ac79cbbe146f8a3904c1922489fde14b95a8e7d (diff) | |
download | poky-e963ce2d79b81d025aa144d6780638c73c0acf6b.tar.gz |
binutils: Security fix for CVE-2017-9039
Affects: <= 2.28
(From OE-Core rev: 1d467814bfc36755a7a795aa3d1c4d2d2e083171)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.28.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-9039.patch | 61 |
2 files changed, 62 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc b/meta/recipes-devtools/binutils/binutils-2.28.inc index 377165a7ff..b8199a42ff 100644 --- a/meta/recipes-devtools/binutils/binutils-2.28.inc +++ b/meta/recipes-devtools/binutils/binutils-2.28.inc | |||
@@ -52,6 +52,7 @@ SRC_URI = "\ | |||
52 | file://CVE-2017-8398.patch \ | 52 | file://CVE-2017-8398.patch \ |
53 | file://CVE-2017-8421.patch \ | 53 | file://CVE-2017-8421.patch \ |
54 | file://CVE-2017-9038_9044.patch \ | 54 | file://CVE-2017-9038_9044.patch \ |
55 | file://CVE-2017-9039.patch \ | ||
55 | " | 56 | " |
56 | S = "${WORKDIR}/git" | 57 | S = "${WORKDIR}/git" |
57 | 58 | ||
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9039.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9039.patch new file mode 100644 index 0000000000..aed8f7f408 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9039.patch | |||
@@ -0,0 +1,61 @@ | |||
1 | From 82156ab704b08b124d319c0decdbd48b3ca2dac5 Mon Sep 17 00:00:00 2001 | ||
2 | From: Nick Clifton <nickc@redhat.com> | ||
3 | Date: Mon, 3 Apr 2017 12:14:06 +0100 | ||
4 | Subject: [PATCH] readelf: Fix overlarge memory allocation when reading a | ||
5 | binary with an excessive number of program headers. | ||
6 | |||
7 | PR binutils/21345 | ||
8 | * readelf.c (get_program_headers): Check for there being too many | ||
9 | program headers before attempting to allocate space for them. | ||
10 | |||
11 | Upstream-Status: Backport | ||
12 | CVE: CVE-2017-9039 | ||
13 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
14 | |||
15 | --- | ||
16 | binutils/ChangeLog | 6 ++++++ | ||
17 | binutils/readelf.c | 17 ++++++++++++++--- | ||
18 | 2 files changed, 20 insertions(+), 3 deletions(-) | ||
19 | |||
20 | Index: git/binutils/readelf.c | ||
21 | =================================================================== | ||
22 | --- git.orig/binutils/readelf.c | ||
23 | +++ git/binutils/readelf.c | ||
24 | @@ -4765,9 +4765,19 @@ get_program_headers (FILE * file) | ||
25 | if (program_headers != NULL) | ||
26 | return 1; | ||
27 | |||
28 | - phdrs = (Elf_Internal_Phdr *) cmalloc (elf_header.e_phnum, | ||
29 | - sizeof (Elf_Internal_Phdr)); | ||
30 | + /* Be kind to memory checkers by looking for | ||
31 | + e_phnum values which we know must be invalid. */ | ||
32 | + if (elf_header.e_phnum | ||
33 | + * (is_32bit_elf ? sizeof (Elf32_External_Phdr) : sizeof (Elf64_External_Phdr)) | ||
34 | + >= current_file_size) | ||
35 | + { | ||
36 | + error (_("Too many program headers - %#x - the file is not that big\n"), | ||
37 | + elf_header.e_phnum); | ||
38 | + return FALSE; | ||
39 | + } | ||
40 | |||
41 | + phdrs = (Elf_Internal_Phdr *) cmalloc (elf_header.e_phnum, | ||
42 | + sizeof (Elf_Internal_Phdr)); | ||
43 | if (phdrs == NULL) | ||
44 | { | ||
45 | error (_("Out of memory reading %u program headers\n"), | ||
46 | Index: git/binutils/ChangeLog | ||
47 | =================================================================== | ||
48 | --- git.orig/binutils/ChangeLog | ||
49 | +++ git/binutils/ChangeLog | ||
50 | @@ -1,5 +1,11 @@ | ||
51 | 2017-04-03 Nick Clifton <nickc@redhat.com> | ||
52 | |||
53 | + PR binutils/21345 | ||
54 | + * readelf.c (get_program_headers): Check for there being too many | ||
55 | + program headers before attempting to allocate space for them. | ||
56 | + | ||
57 | +2017-04-03 Nick Clifton <nickc@redhat.com> | ||
58 | + | ||
59 | PR binutils/21343 | ||
60 | * readelf.c (get_unwind_section_word): Fix snafu checking for | ||
61 | invalid word offsets in ARM unwind information. | ||