diff options
| author | Anuj Mittal <anuj.mittal@intel.com> | 2019-07-25 12:02:56 +0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-09-30 16:44:41 +0100 |
| commit | 552d3d8e1f14345216ed8addcf923be7772187f3 (patch) | |
| tree | 850f02966d4612bbf9e74111d24ba7e13cd928c4 /meta/recipes-devtools/binutils/binutils/CVE-2019-12972.patch | |
| parent | 6d2e12e79211b31cdf5ea824fb9a8be54ba9a9eb (diff) | |
| download | poky-552d3d8e1f14345216ed8addcf923be7772187f3.tar.gz | |
binutils: fix CVE-2019-12972 CVE-2019-9071
(From OE-Core rev: 093f0914f261a27d58ecba9c1e9d3b78a35af012)
(From OE-Core rev: 9422bf471953c8e548a369574d960791ceb28a24)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/CVE-2019-12972.patch')
| -rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2019-12972.patch | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-12972.patch b/meta/recipes-devtools/binutils/binutils/CVE-2019-12972.patch new file mode 100644 index 0000000000..07d1d65467 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-12972.patch | |||
| @@ -0,0 +1,51 @@ | |||
| 1 | From 30bcc01478433a1cb05b36dc5c4beef7d2c89b5b Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Alan Modra <amodra@gmail.com> | ||
| 3 | Date: Fri, 21 Jun 2019 11:51:38 +0930 | ||
| 4 | Subject: [PATCH] PR24689, string table corruption | ||
| 5 | |||
| 6 | The testcase in the PR had a e_shstrndx section of type SHT_GROUP. | ||
| 7 | hdr->contents were initialized by setup_group rather than being read | ||
| 8 | from the file, thus last byte was not zero and string dereference ran | ||
| 9 | off the end of the buffer. | ||
| 10 | |||
| 11 | PR 24689 | ||
| 12 | * elfcode.h (elf_object_p): Check type of e_shstrndx section. | ||
| 13 | |||
| 14 | Upstream-Status: Backport | ||
| 15 | CVE: CVE-2019-12972 | ||
| 16 | Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> | ||
| 17 | --- | ||
| 18 | bfd/ChangeLog | 5 +++++ | ||
| 19 | bfd/elfcode.h | 3 ++- | ||
| 20 | 2 files changed, 7 insertions(+), 1 deletion(-) | ||
| 21 | |||
| 22 | diff --git a/bfd/ChangeLog b/bfd/ChangeLog | ||
| 23 | index 91f09e6346..e66fb40a2c 100644 | ||
| 24 | --- a/bfd/ChangeLog | ||
| 25 | +++ b/bfd/ChangeLog | ||
| 26 | @@ -1,3 +1,8 @@ | ||
| 27 | +2019-06-21 Alan Modra <amodra@gmail.com> | ||
| 28 | + | ||
| 29 | + PR 24689 | ||
| 30 | + * elfcode.h (elf_object_p): Check type of e_shstrndx section. | ||
| 31 | + | ||
| 32 | 2019-02-20 Alan Modra <amodra@gmail.com> | ||
| 33 | |||
| 34 | PR 24236 | ||
| 35 | diff --git a/bfd/elfcode.h b/bfd/elfcode.h | ||
| 36 | index ec5ea766de..a35a629087 100644 | ||
| 37 | --- a/bfd/elfcode.h | ||
| 38 | +++ b/bfd/elfcode.h | ||
| 39 | @@ -755,7 +755,8 @@ elf_object_p (bfd *abfd) | ||
| 40 | /* A further sanity check. */ | ||
| 41 | if (i_ehdrp->e_shnum != 0) | ||
| 42 | { | ||
| 43 | - if (i_ehdrp->e_shstrndx >= elf_numsections (abfd)) | ||
| 44 | + if (i_ehdrp->e_shstrndx >= elf_numsections (abfd) | ||
| 45 | + || i_shdrp[i_ehdrp->e_shstrndx].sh_type != SHT_STRTAB) | ||
| 46 | { | ||
| 47 | /* PR 2257: | ||
| 48 | We used to just goto got_wrong_format_error here | ||
| 49 | -- | ||
| 50 | 2.20.1 | ||
| 51 | |||