diff options
author | Yuanjie Huang <yuanjie.huang@windriver.com> | 2017-05-24 02:55:17 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-06-05 23:30:21 +0100 |
commit | 829e2027b6c7f4f2d6fa03e158bfe371b7848919 (patch) | |
tree | 38aad6ecf17dcfcaca7bd92a7283710682eb0104 /meta/recipes-devtools/binutils/binutils/CVE-2017-6969.patch | |
parent | c2c48f26455fda4baa98a8685e990aed9368813b (diff) | |
download | poky-829e2027b6c7f4f2d6fa03e158bfe371b7848919.tar.gz |
binutils: fix CVE-2017-6969 in readelf
CVE: CVE-2017-6969
[BZ 21156] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21156
PR binutils/21156: Fix illegal memory accesses in readelf when
ing a corrupt binary.
PR binutils/21156: Fix another memory access error in readelf when
parsing a corrupt binary.
(From OE-Core rev: de04c9811f7ce5179ba261bd8eae921d7873d6cd)
(From OE-Core rev: ae0e01474623969dc193687d59fb5a65ab4d42bc)
Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/CVE-2017-6969.patch')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-6969.patch | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-6969.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-6969.patch new file mode 100644 index 0000000000..ed5403430c --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-6969.patch | |||
@@ -0,0 +1,57 @@ | |||
1 | From 1d9a2696903fc59d6a936f4ab4e4407ef329d066 Mon Sep 17 00:00:00 2001 | ||
2 | From: Nick Clifton <nickc@redhat.com> | ||
3 | Date: Fri, 17 Feb 2017 15:59:45 +0000 | ||
4 | Subject: Fix illegal memory accesses in readelf when parsing | ||
5 | a corrupt binary. | ||
6 | |||
7 | PR binutils/21156 | ||
8 | * readelf.c (find_section_in_set): Test for invalid section | ||
9 | indicies. | ||
10 | |||
11 | CVE: CVE-2017-6969 | ||
12 | Upstream-Status: Backport [master] | ||
13 | |||
14 | Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com> | ||
15 | --- | ||
16 | binutils/ChangeLog | 6 ++++++ | ||
17 | binutils/readelf.c | 10 ++++++++-- | ||
18 | 2 files changed, 14 insertions(+), 2 deletions(-) | ||
19 | |||
20 | diff --git a/binutils/ChangeLog b/binutils/ChangeLog | ||
21 | index bd63c8a0d8..1d840b42f9 100644 | ||
22 | --- a/binutils/ChangeLog | ||
23 | +++ b/binutils/ChangeLog | ||
24 | @@ -1,3 +1,9 @@ | ||
25 | +2017-02-17 Nick Clifton <nickc@redhat.com> | ||
26 | + | ||
27 | + PR binutils/21156 | ||
28 | + * readelf.c (find_section_in_set): Test for invalid section | ||
29 | + indicies. | ||
30 | + | ||
31 | 2017-02-13 Nick Clifton <nickc@redhat.com> | ||
32 | |||
33 | PR binutils/21139 | ||
34 | diff --git a/binutils/readelf.c b/binutils/readelf.c | ||
35 | index 7c158c6342..4960491c5c 100644 | ||
36 | --- a/binutils/readelf.c | ||
37 | +++ b/binutils/readelf.c | ||
38 | @@ -675,8 +675,14 @@ find_section_in_set (const char * name, unsigned int * set) | ||
39 | if (set != NULL) | ||
40 | { | ||
41 | while ((i = *set++) > 0) | ||
42 | - if (streq (SECTION_NAME (section_headers + i), name)) | ||
43 | - return section_headers + i; | ||
44 | + { | ||
45 | + /* See PR 21156 for a reproducer. */ | ||
46 | + if (i >= elf_header.e_shnum) | ||
47 | + continue; /* FIXME: Should we issue an error message ? */ | ||
48 | + | ||
49 | + if (streq (SECTION_NAME (section_headers + i), name)) | ||
50 | + return section_headers + i; | ||
51 | + } | ||
52 | } | ||
53 | |||
54 | return find_section (name); | ||
55 | -- | ||
56 | 2.11.0 | ||
57 | |||