diff options
author | Yuanjie Huang <yuanjie.huang@windriver.com> | 2017-04-11 00:00:24 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-04-11 18:10:18 +0100 |
commit | ca22ef73d03ec5140493f29d1fe0cb6c0400c307 (patch) | |
tree | 09daa69eb2bb69fd5738ccbec10d01769eb1cf8a /meta/recipes-devtools/binutils/binutils-crosssdk_2.28.bb | |
parent | 40bf913a720f3c0db57d4ab003cbacda40f50c69 (diff) | |
download | poky-ca22ef73d03ec5140493f29d1fe0cb6c0400c307.tar.gz |
binutils: Fix CVE-2017-6965 and CVE-2017-6966
Backport upstream commit to address vulnerabilities:
CVE: CVE-2017-6965
[BZ 21137] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21137
Fix readelf writing to illegal addresses whilst processing corrupt input
files containing symbol-difference relocations.
PR binutils/21137
* readelf.c (target_specific_reloc_handling): Add end parameter.
Check for buffer overflow before writing relocated values.
(apply_relocations): Pass end to target_specific_reloc_handling.
CVE: CVE-2017-6966
[BZ 21139] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21139
Fix read-after-free error in readelf when processing multiple, relocated
sections in an MSP430 binary.
PR binutils/21139
* readelf.c (target_specific_reloc_handling): Add num_syms
parameter. Check for symbol table overflow before accessing
symbol value. If reloc pointer is NULL, discard all saved state.
(apply_relocations): Pass num_syms to target_specific_reloc_handling.
Call target_specific_reloc_handling with a NULL reloc pointer
after processing all of the relocs.
(From OE-Core rev: 8c52a530ba2beb438aa47956bcec3777a1eafe5f)
Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils-crosssdk_2.28.bb')
0 files changed, 0 insertions, 0 deletions