diff options
author | Thiruvadi Rajaraman <trajaraman@mvista.com> | 2017-09-21 20:35:41 +0530 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-01-07 17:10:09 +0000 |
commit | e7f53f5fe5f5977c2f5fe206052e8c6d0b3bd1a2 (patch) | |
tree | 1a0a44389b788f97b3e49fd9753610616f6b526c /meta/recipes-devtools/binutils/binutils/CVE-2017-9955_9.patch | |
parent | ab884ff9a788aa9f1f844407e4cb1dac419447e5 (diff) | |
download | poky-e7f53f5fe5f5977c2f5fe206052e8c6d0b3bd1a2.tar.gz |
binutils: CVE-2017-9955
Source: binutils-gdb.git
MR: 73893
Type: Security Fix
Disposition: Backport from 'binutils-gdb.git/master' branch
ChangeID: 94c3ef8c1fa2e84e84ad76fb45307848d98817c8
Description:
PR 21665 : Fixed multiple heap based buffer overflow
Affects: <= 2.28
Author: Nick Clifton <nickc@redhat.com>
(From OE-Core rev: a36978f0dd372ec836f63942f965652ca3716e3f)
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/CVE-2017-9955_9.patch')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-9955_9.patch | 360 |
1 files changed, 360 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_9.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_9.patch new file mode 100644 index 0000000000..2f50337dab --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_9.patch | |||
@@ -0,0 +1,360 @@ | |||
1 | commit 8e2f54bcee7e3e8315d4a39a302eaf8e4389e07d | ||
2 | Author: H.J. Lu <hjl.tools@gmail.com> | ||
3 | Date: Tue May 30 06:34:05 2017 -0700 | ||
4 | |||
5 | Add bfd_get_file_size to get archive element size | ||
6 | |||
7 | We can't use stat() to get archive element size. Add bfd_get_file_size | ||
8 | to get size for both normal files and archive elements. | ||
9 | |||
10 | bfd/ | ||
11 | |||
12 | PR binutils/21519 | ||
13 | * bfdio.c (bfd_get_file_size): New function. | ||
14 | * bfd-in2.h: Regenerated. | ||
15 | |||
16 | binutils/ | ||
17 | |||
18 | PR binutils/21519 | ||
19 | * objdump.c (dump_relocs_in_section): Replace get_file_size | ||
20 | with bfd_get_file_size to get archive element size. | ||
21 | * testsuite/binutils-all/objdump.exp (test_objdump_f): New | ||
22 | proc. | ||
23 | (test_objdump_h): Likewise. | ||
24 | (test_objdump_t): Likewise. | ||
25 | (test_objdump_r): Likewise. | ||
26 | (test_objdump_s): Likewise. | ||
27 | Add objdump tests on archive. | ||
28 | |||
29 | Upstream-Status: Backport | ||
30 | |||
31 | CVE: CVE-2017-9955 | ||
32 | Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> | ||
33 | |||
34 | Index: git/bfd/bfd-in2.h | ||
35 | =================================================================== | ||
36 | --- git.orig/bfd/bfd-in2.h 2017-09-21 20:09:13.475032861 +0530 | ||
37 | +++ git/bfd/bfd-in2.h 2017-09-21 20:09:16.375051269 +0530 | ||
38 | @@ -1208,6 +1208,8 @@ | ||
39 | |||
40 | file_ptr bfd_get_size (bfd *abfd); | ||
41 | |||
42 | +file_ptr bfd_get_file_size (bfd *abfd); | ||
43 | + | ||
44 | void *bfd_mmap (bfd *abfd, void *addr, bfd_size_type len, | ||
45 | int prot, int flags, file_ptr offset, | ||
46 | void **map_addr, bfd_size_type *map_len); | ||
47 | Index: git/bfd/bfdio.c | ||
48 | =================================================================== | ||
49 | --- git.orig/bfd/bfdio.c 2017-09-21 20:08:55.774919453 +0530 | ||
50 | +++ git/bfd/bfdio.c 2017-09-21 20:09:16.375051269 +0530 | ||
51 | @@ -434,6 +434,29 @@ | ||
52 | return buf.st_size; | ||
53 | } | ||
54 | |||
55 | +/* | ||
56 | +FUNCTION | ||
57 | + bfd_get_file_size | ||
58 | + | ||
59 | +SYNOPSIS | ||
60 | + file_ptr bfd_get_file_size (bfd *abfd); | ||
61 | + | ||
62 | +DESCRIPTION | ||
63 | + Return the file size (as read from file system) for the file | ||
64 | + associated with BFD @var{abfd}. It supports both normal files | ||
65 | + and archive elements. | ||
66 | + | ||
67 | +*/ | ||
68 | + | ||
69 | +file_ptr | ||
70 | +bfd_get_file_size (bfd *abfd) | ||
71 | +{ | ||
72 | + if (abfd->my_archive != NULL | ||
73 | + && !bfd_is_thin_archive (abfd->my_archive)) | ||
74 | + return arelt_size (abfd); | ||
75 | + | ||
76 | + return bfd_get_size (abfd); | ||
77 | +} | ||
78 | |||
79 | /* | ||
80 | FUNCTION | ||
81 | Index: git/binutils/objdump.c | ||
82 | =================================================================== | ||
83 | --- git.orig/binutils/objdump.c 2017-09-21 20:09:16.319050914 +0530 | ||
84 | +++ git/binutils/objdump.c 2017-09-21 20:09:16.375051269 +0530 | ||
85 | @@ -3240,7 +3240,7 @@ | ||
86 | } | ||
87 | |||
88 | if ((bfd_get_file_flags (abfd) & (BFD_IN_MEMORY | BFD_LINKER_CREATED)) == 0 | ||
89 | - && relsize > get_file_size (bfd_get_filename (abfd))) | ||
90 | + && relsize > bfd_get_file_size (abfd)) | ||
91 | { | ||
92 | printf (" (too many: 0x%x)\n", section->reloc_count); | ||
93 | bfd_set_error (bfd_error_file_truncated); | ||
94 | Index: git/binutils/testsuite/binutils-all/objdump.exp | ||
95 | =================================================================== | ||
96 | --- git.orig/binutils/testsuite/binutils-all/objdump.exp 2017-09-21 20:08:55.982920797 +0530 | ||
97 | +++ git/binutils/testsuite/binutils-all/objdump.exp 2017-09-21 20:09:16.375051269 +0530 | ||
98 | @@ -64,96 +64,168 @@ | ||
99 | if {![binutils_assemble $srcdir/$subdir/bintest.s tmpdir/bintest.o]} then { | ||
100 | return | ||
101 | } | ||
102 | +if {![binutils_assemble $srcdir/$subdir/bintest.s tmpdir/bintest2.o]} then { | ||
103 | + return | ||
104 | +} | ||
105 | if [is_remote host] { | ||
106 | set testfile [remote_download host tmpdir/bintest.o] | ||
107 | + set testfile2 [remote_download host tmpdir/bintest2.o] | ||
108 | } else { | ||
109 | set testfile tmpdir/bintest.o | ||
110 | + set testfile2 tmpdir/bintest2.o | ||
111 | +} | ||
112 | + | ||
113 | +if { ![istarget "alpha-*-*"] || [is_elf_format] } then { | ||
114 | + remote_file host file delete tmpdir/bintest.a | ||
115 | + set got [binutils_run $AR "rc tmpdir/bintest.a $testfile2"] | ||
116 | + if ![string match "" $got] then { | ||
117 | + fail "bintest.a" | ||
118 | + remote_file host delete tmpdir/bintest.a | ||
119 | + } else { | ||
120 | + if [is_remote host] { | ||
121 | + set testarchive [remote_download host tmpdir/bintest.a] | ||
122 | + } else { | ||
123 | + set testarchive tmpdir/bintest.a | ||
124 | + } | ||
125 | + } | ||
126 | + remote_file host delete tmpdir/bintest2.o | ||
127 | } | ||
128 | |||
129 | # Test objdump -f | ||
130 | |||
131 | -set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -f $testfile"] | ||
132 | +proc test_objdump_f { testfile dumpfile } { | ||
133 | + global OBJDUMP | ||
134 | + global OBJDUMPFLAGS | ||
135 | + global cpus_regex | ||
136 | |||
137 | -set want "$testfile:\[ \]*file format.*architecture:\[ \]*${cpus_regex}.*HAS_RELOC.*HAS_SYMS" | ||
138 | + set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -f $testfile"] | ||
139 | |||
140 | -if ![regexp $want $got] then { | ||
141 | - fail "objdump -f" | ||
142 | -} else { | ||
143 | - pass "objdump -f" | ||
144 | + set want "$dumpfile:\[ \]*file format.*architecture:\[ \]*${cpus_regex}.*HAS_RELOC.*HAS_SYMS" | ||
145 | + | ||
146 | + if ![regexp $want $got] then { | ||
147 | + fail "objdump -f ($testfile, $dumpfile)" | ||
148 | + } else { | ||
149 | + pass "objdump -f ($testfile, $dumpfile)" | ||
150 | + } | ||
151 | +} | ||
152 | + | ||
153 | +test_objdump_f $testfile $testfile | ||
154 | +if { [ remote_file host exists $testarchive ] } then { | ||
155 | + test_objdump_f $testarchive bintest2.o | ||
156 | } | ||
157 | |||
158 | # Test objdump -h | ||
159 | |||
160 | -set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -h $testfile"] | ||
161 | +proc test_objdump_h { testfile dumpfile } { | ||
162 | + global OBJDUMP | ||
163 | + global OBJDUMPFLAGS | ||
164 | |||
165 | -set want "$testfile:\[ \]*file format.*Sections.*\[0-9\]+\[ \]+\[^ \]*(text|TEXT|P|\\\$CODE\\\$)\[^ \]*\[ \]*(\[0-9a-fA-F\]+).*\[0-9\]+\[ \]+\[^ \]*(\\.data|DATA|D_1)\[^ \]*\[ \]*(\[0-9a-fA-F\]+)" | ||
166 | + set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -h $testfile"] | ||
167 | |||
168 | -if ![regexp $want $got all text_name text_size data_name data_size] then { | ||
169 | - fail "objdump -h" | ||
170 | -} else { | ||
171 | - verbose "text name is $text_name size is $text_size" | ||
172 | - verbose "data name is $data_name size is $data_size" | ||
173 | - set ets 8 | ||
174 | - set eds 4 | ||
175 | - # The [ti]c4x target has the property sizeof(char)=sizeof(long)=1 | ||
176 | - if [istarget *c4x*-*-*] then { | ||
177 | - set ets 2 | ||
178 | - set eds 1 | ||
179 | - } | ||
180 | - # c54x section sizes are in bytes, not octets; adjust accordingly | ||
181 | - if [istarget *c54x*-*-*] then { | ||
182 | - set ets 4 | ||
183 | - set eds 2 | ||
184 | - } | ||
185 | - if {[expr "0x$text_size"] < $ets || [expr "0x$data_size"] < $eds} then { | ||
186 | - send_log "sizes too small\n" | ||
187 | - fail "objdump -h" | ||
188 | + set want "$dumpfile:\[ \]*file format.*Sections.*\[0-9\]+\[ \]+\[^ \]*(text|TEXT|P|\\\$CODE\\\$)\[^ \]*\[ \]*(\[0-9a-fA-F\]+).*\[0-9\]+\[ \]+\[^ \]*(\\.data|DATA|D_1)\[^ \]*\[ \]*(\[0-9a-fA-F\]+)" | ||
189 | + | ||
190 | + if ![regexp $want $got all text_name text_size data_name data_size] then { | ||
191 | + fail "objdump -h ($testfile, $dumpfile)" | ||
192 | } else { | ||
193 | - pass "objdump -h" | ||
194 | + verbose "text name is $text_name size is $text_size" | ||
195 | + verbose "data name is $data_name size is $data_size" | ||
196 | + set ets 8 | ||
197 | + set eds 4 | ||
198 | + # The [ti]c4x target has the property sizeof(char)=sizeof(long)=1 | ||
199 | + if [istarget *c4x*-*-*] then { | ||
200 | + set ets 2 | ||
201 | + set eds 1 | ||
202 | + } | ||
203 | + # c54x section sizes are in bytes, not octets; adjust accordingly | ||
204 | + if [istarget *c54x*-*-*] then { | ||
205 | + set ets 4 | ||
206 | + set eds 2 | ||
207 | + } | ||
208 | + if {[expr "0x$text_size"] < $ets || [expr "0x$data_size"] < $eds} then { | ||
209 | + send_log "sizes too small\n" | ||
210 | + fail "objdump -h ($testfile, $dumpfile)" | ||
211 | + } else { | ||
212 | + pass "objdump -h ($testfile, $dumpfile)" | ||
213 | + } | ||
214 | } | ||
215 | } | ||
216 | |||
217 | +test_objdump_h $testfile $testfile | ||
218 | +if { [ remote_file host exists $testarchive ] } then { | ||
219 | + test_objdump_h $testarchive bintest2.o | ||
220 | +} | ||
221 | + | ||
222 | # Test objdump -t | ||
223 | |||
224 | -set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -t $testfile"] | ||
225 | +proc test_objdump_t { testfile} { | ||
226 | + global OBJDUMP | ||
227 | + global OBJDUMPFLAGS | ||
228 | + | ||
229 | + set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -t $testfile"] | ||
230 | + | ||
231 | + if [info exists vars] then { unset vars } | ||
232 | + while {[regexp "(\[a-z\]*_symbol)(.*)" $got all symbol rest]} { | ||
233 | + set vars($symbol) 1 | ||
234 | + set got $rest | ||
235 | + } | ||
236 | |||
237 | -if [info exists vars] then { unset vars } | ||
238 | -while {[regexp "(\[a-z\]*_symbol)(.*)" $got all symbol rest]} { | ||
239 | - set vars($symbol) 1 | ||
240 | - set got $rest | ||
241 | + if {![info exists vars(text_symbol)] \ | ||
242 | + || ![info exists vars(data_symbol)] \ | ||
243 | + || ![info exists vars(common_symbol)] \ | ||
244 | + || ![info exists vars(external_symbol)]} then { | ||
245 | + fail "objdump -t ($testfile)" | ||
246 | + } else { | ||
247 | + pass "objdump -t ($testfile)" | ||
248 | + } | ||
249 | } | ||
250 | |||
251 | -if {![info exists vars(text_symbol)] \ | ||
252 | - || ![info exists vars(data_symbol)] \ | ||
253 | - || ![info exists vars(common_symbol)] \ | ||
254 | - || ![info exists vars(external_symbol)]} then { | ||
255 | - fail "objdump -t" | ||
256 | -} else { | ||
257 | - pass "objdump -t" | ||
258 | +test_objdump_t $testfile | ||
259 | +if { [ remote_file host exists $testarchive ] } then { | ||
260 | + test_objdump_t $testarchive | ||
261 | } | ||
262 | |||
263 | # Test objdump -r | ||
264 | |||
265 | -set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -r $testfile"] | ||
266 | +proc test_objdump_r { testfile dumpfile } { | ||
267 | + global OBJDUMP | ||
268 | + global OBJDUMPFLAGS | ||
269 | |||
270 | -set want "$testfile:\[ \]*file format.*RELOCATION RECORDS FOR \\\[\[^\]\]*(text|TEXT|P|\\\$CODE\\\$)\[^\]\]*\\\].*external_symbol" | ||
271 | + set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -r $testfile"] | ||
272 | |||
273 | -if [regexp $want $got] then { | ||
274 | - pass "objdump -r" | ||
275 | -} else { | ||
276 | - fail "objdump -r" | ||
277 | + set want "$dumpfile:\[ \]*file format.*RELOCATION RECORDS FOR \\\[\[^\]\]*(text|TEXT|P|\\\$CODE\\\$)\[^\]\]*\\\].*external_symbol" | ||
278 | + | ||
279 | + if [regexp $want $got] then { | ||
280 | + pass "objdump -r ($testfile, $dumpfile)" | ||
281 | + } else { | ||
282 | + fail "objdump -r ($testfile, $dumpfile)" | ||
283 | + } | ||
284 | +} | ||
285 | + | ||
286 | +test_objdump_r $testfile $testfile | ||
287 | +if { [ remote_file host exists $testarchive ] } then { | ||
288 | + test_objdump_r $testarchive bintest2.o | ||
289 | } | ||
290 | |||
291 | # Test objdump -s | ||
292 | |||
293 | -set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -s $testfile"] | ||
294 | +proc test_objdump_s { testfile dumpfile } { | ||
295 | + global OBJDUMP | ||
296 | + global OBJDUMPFLAGS | ||
297 | |||
298 | -set want "$testfile:\[ \]*file format.*Contents.*(text|TEXT|P|\\\$CODE\\\$)\[^0-9\]*\[ \]*\[0-9a-fA-F\]*\[ \]*(00000001|01000000|00000100).*Contents.*(data|DATA|D_1)\[^0-9\]*\[ \]*\[0-9a-fA-F\]*\[ \]*(00000002|02000000|00000200)" | ||
299 | + set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -s $testfile"] | ||
300 | |||
301 | -if [regexp $want $got] then { | ||
302 | - pass "objdump -s" | ||
303 | -} else { | ||
304 | - fail "objdump -s" | ||
305 | + set want "$dumpfile:\[ \]*file format.*Contents.*(text|TEXT|P|\\\$CODE\\\$)\[^0-9\]*\[ \]*\[0-9a-fA-F\]*\[ \]*(00000001|01000000|00000100).*Contents.*(data|DATA|D_1)\[^0-9\]*\[ \]*\[0-9a-fA-F\]*\[ \]*(00000002|02000000|00000200)" | ||
306 | + | ||
307 | + if [regexp $want $got] then { | ||
308 | + pass "objdump -s ($testfile, $dumpfile)" | ||
309 | + } else { | ||
310 | + fail "objdump -s ($testfile, $dumpfile)" | ||
311 | + } | ||
312 | +} | ||
313 | + | ||
314 | +test_objdump_s $testfile $testfile | ||
315 | +if { [ remote_file host exists $testarchive ] } then { | ||
316 | + test_objdump_s $testarchive bintest2.o | ||
317 | } | ||
318 | |||
319 | # Test objdump -s on a file that contains a compressed .debug section | ||
320 | Index: git/bfd/ChangeLog | ||
321 | =================================================================== | ||
322 | --- git.orig/bfd/ChangeLog 2017-09-21 20:09:16.207050204 +0530 | ||
323 | +++ git/bfd/ChangeLog 2017-09-21 20:13:41.504562787 +0530 | ||
324 | @@ -158,6 +158,12 @@ | ||
325 | (bfd_perform_relocation, bfd_install_relocation): Use it. | ||
326 | (_bfd_final_link_relocate): Likewise. | ||
327 | |||
328 | +2017-05-30 H.J. Lu <hongjiu.lu@intel.com> | ||
329 | + | ||
330 | + PR binutils/21519 | ||
331 | + * bfdio.c (bfd_get_file_size): New function. | ||
332 | + * bfd-in2.h: Regenerated. | ||
333 | + | ||
334 | 2017-04-26 Nick Clifton <nickc@redhat.com> | ||
335 | |||
336 | PR binutils/21434 | ||
337 | Index: git/binutils/ChangeLog | ||
338 | =================================================================== | ||
339 | --- git.orig/binutils/ChangeLog 2017-09-21 20:09:16.319050914 +0530 | ||
340 | +++ git/binutils/ChangeLog 2017-09-21 20:12:42.624252645 +0530 | ||
341 | @@ -25,6 +25,19 @@ | ||
342 | section size against file size, but instead use an arbitrary 2Gb | ||
343 | limit. Issue a warning message if the section is too big. | ||
344 | |||
345 | +2017-05-30 H.J. Lu <hongjiu.lu@intel.com> | ||
346 | + | ||
347 | + PR binutils/21519 | ||
348 | + * objdump.c (dump_relocs_in_section): Replace get_file_size | ||
349 | + with bfd_get_file_size to get archive element size. | ||
350 | + * testsuite/binutils-all/objdump.exp (test_objdump_f): New | ||
351 | + proc. | ||
352 | + (test_objdump_h): Likewise. | ||
353 | + (test_objdump_t): Likewise. | ||
354 | + (test_objdump_r): Likewise. | ||
355 | + (test_objdump_s): Likewise. | ||
356 | + Add objdump tests on archive. | ||
357 | + | ||
358 | 2017-05-02 Nick Clifton <nickc@redhat.com> | ||
359 | |||
360 | PR 21440 | ||