diff options
author | Anuj Mittal <anuj.mittal@intel.com> | 2019-08-19 21:43:11 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-08-21 21:52:59 +0100 |
commit | 7ef44dbd3b99a2150b552cbe8941dd592197eb43 (patch) | |
tree | de74e25485d458c8fe2355b7eff8cd6289abe4ac /meta/recipes-devtools/binutils/binutils/CVE-2019-14444.patch | |
parent | eaa58d850adde0460697ab44653a5a99cb58ccc2 (diff) | |
download | poky-7ef44dbd3b99a2150b552cbe8941dd592197eb43.tar.gz |
binutils: fix CVE-2019-14250 CVE-2019-14444
(From OE-Core rev: abdc51527988afdcfd2db6dc08ebb6083a341be9)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/CVE-2019-14444.patch')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2019-14444.patch | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-14444.patch b/meta/recipes-devtools/binutils/binutils/CVE-2019-14444.patch new file mode 100644 index 0000000000..85b9a9f916 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-14444.patch | |||
@@ -0,0 +1,28 @@ | |||
1 | From e17869db99195849826eaaf5d2d0eb2cfdd7a2a7 Mon Sep 17 00:00:00 2001 | ||
2 | From: Nick Clifton <nickc@redhat.com> | ||
3 | Date: Mon, 5 Aug 2019 10:40:35 +0100 | ||
4 | Subject: [PATCH] Catch potential integer overflow in readelf when processing | ||
5 | corrupt binaries. | ||
6 | |||
7 | PR 24829 | ||
8 | * readelf.c (apply_relocations): Catch potential integer overflow | ||
9 | whilst checking reloc location against section size. | ||
10 | |||
11 | CVE: CVE-2019-14444 | ||
12 | Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e17869db99195849826eaaf5d2d0eb2cfdd7a2a7] | ||
13 | [Removed Changelog entry] | ||
14 | Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> | ||
15 | --- | ||
16 | diff --git a/binutils/readelf.c b/binutils/readelf.c | ||
17 | index b896ad9f406..e785fde43e7 100644 | ||
18 | --- a/binutils/readelf.c | ||
19 | +++ b/binutils/readelf.c | ||
20 | @@ -13366,7 +13366,7 @@ apply_relocations (Filedata * filedata, | ||
21 | } | ||
22 | |||
23 | rloc = start + rp->r_offset; | ||
24 | - if ((rloc + reloc_size) > end || (rloc < start)) | ||
25 | + if (rloc >= end || (rloc + reloc_size) > end || (rloc < start)) | ||
26 | { | ||
27 | warn (_("skipping invalid relocation offset 0x%lx in section %s\n"), | ||
28 | (unsigned long) rp->r_offset, | ||