diff options
| author | Yuanjie Huang <Yuanjie.Huang@windriver.com> | 2017-05-31 01:37:57 -0700 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-08-29 16:50:52 +0100 |
| commit | c7e48934c9560a507c7899a77bf02941ef52aec7 (patch) | |
| tree | 6677867188fc6ab50aa5d2a300107b1e77f8d6bf /meta/recipes-devtools/binutils/binutils/CVE-2017-6969.patch | |
| parent | 6131129c0ad6d2f679a7580c6ccbfd0989ea4f6a (diff) | |
| download | poky-c7e48934c9560a507c7899a77bf02941ef52aec7.tar.gz | |
binutils: fix CVE-2017-6969 in readelf
CVE: CVE-2017-6969
[BZ 21156] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21156
PR binutils/21156: Fix illegal memory accesses in readelf when
ing a corrupt binary.
PR binutils/21156: Fix another memory access error in readelf when
parsing a corrupt binary.
(From OE-Core rev: 565d4b9432c898e4483f392a91f4b4aaebb4b184)
Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/CVE-2017-6969.patch')
| -rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-6969.patch | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-6969.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-6969.patch new file mode 100644 index 0000000000..3d036c4cf6 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-6969.patch | |||
| @@ -0,0 +1,56 @@ | |||
| 1 | From 489246368e2c49a795ad5ecbc8895cbc854292fa Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Nick Clifton <nickc@redhat.com> | ||
| 3 | Date: Fri, 17 Feb 2017 15:59:45 +0000 | ||
| 4 | Subject: Fix illegal memory accesses in readelf when parsing a corrupt binary. | ||
| 5 | |||
| 6 | PR binutils/21156 | ||
| 7 | * readelf.c (find_section_in_set): Test for invalid section | ||
| 8 | indicies. | ||
| 9 | |||
| 10 | CVE: CVE-2017-6969 | ||
| 11 | Upstream-Status: Backport [master] | ||
| 12 | |||
| 13 | Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com> | ||
| 14 | --- | ||
| 15 | binutils/ChangeLog | 6 ++++++ | ||
| 16 | binutils/readelf.c | 10 ++++++++-- | ||
| 17 | 2 files changed, 14 insertions(+), 2 deletions(-) | ||
| 18 | |||
| 19 | diff --git a/binutils/ChangeLog b/binutils/ChangeLog | ||
| 20 | index a70bdb7a7b..dbf8eb079e 100644 | ||
| 21 | --- a/binutils/ChangeLog | ||
| 22 | +++ b/binutils/ChangeLog | ||
| 23 | @@ -1,3 +1,9 @@ | ||
| 24 | +2017-02-17 Nick Clifton <nickc@redhat.com> | ||
| 25 | + | ||
| 26 | + PR binutils/21156 | ||
| 27 | + * readelf.c (find_section_in_set): Test for invalid section | ||
| 28 | + indicies. | ||
| 29 | + | ||
| 30 | 2016-08-03 Tristan Gingold <gingold@adacore.com> | ||
| 31 | |||
| 32 | * configure: Regenerate. | ||
| 33 | diff --git a/binutils/readelf.c b/binutils/readelf.c | ||
| 34 | index d31558c3b4..7f7365dbc5 100644 | ||
| 35 | --- a/binutils/readelf.c | ||
| 36 | +++ b/binutils/readelf.c | ||
| 37 | @@ -674,8 +674,14 @@ find_section_in_set (const char * name, unsigned int * set) | ||
| 38 | if (set != NULL) | ||
| 39 | { | ||
| 40 | while ((i = *set++) > 0) | ||
| 41 | - if (streq (SECTION_NAME (section_headers + i), name)) | ||
| 42 | - return section_headers + i; | ||
| 43 | + { | ||
| 44 | + /* See PR 21156 for a reproducer. */ | ||
| 45 | + if (i >= elf_header.e_shnum) | ||
| 46 | + continue; /* FIXME: Should we issue an error message ? */ | ||
| 47 | + | ||
| 48 | + if (streq (SECTION_NAME (section_headers + i), name)) | ||
| 49 | + return section_headers + i; | ||
| 50 | + } | ||
| 51 | } | ||
| 52 | |||
| 53 | return find_section (name); | ||
| 54 | -- | ||
| 55 | 2.11.0 | ||
| 56 | |||