binutils: Fix CVE-2017-6965 and CVE-2017-6966 - linux/poky.git

diff options

author	Yuanjie Huang <yuanjie.huang@windriver.com>	2017-04-11 00:00:24 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-04-11 18:10:18 +0100
commit	ca22ef73d03ec5140493f29d1fe0cb6c0400c307 (patch)
tree	09daa69eb2bb69fd5738ccbec10d01769eb1cf8a /meta/classes
parent	40bf913a720f3c0db57d4ab003cbacda40f50c69 (diff)
download	poky-ca22ef73d03ec5140493f29d1fe0cb6c0400c307.tar.gz

binutils: Fix CVE-2017-6965 and CVE-2017-6966

Backport upstream commit to address vulnerabilities: CVE: CVE-2017-6965 [BZ 21137] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21137 Fix readelf writing to illegal addresses whilst processing corrupt input files containing symbol-difference relocations. PR binutils/21137 * readelf.c (target_specific_reloc_handling): Add end parameter. Check for buffer overflow before writing relocated values. (apply_relocations): Pass end to target_specific_reloc_handling. CVE: CVE-2017-6966 [BZ 21139] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21139 Fix read-after-free error in readelf when processing multiple, relocated sections in an MSP430 binary. PR binutils/21139 * readelf.c (target_specific_reloc_handling): Add num_syms parameter. Check for symbol table overflow before accessing symbol value. If reloc pointer is NULL, discard all saved state. (apply_relocations): Pass num_syms to target_specific_reloc_handling. Call target_specific_reloc_handling with a NULL reloc pointer after processing all of the relocs. (From OE-Core rev: 8c52a530ba2beb438aa47956bcec3777a1eafe5f) Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'meta/classes')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: