binutils: fix CVE-2019-14250 CVE-2019-14444

(From OE-Core rev: 41579d569738a23b80d4599fd6ec082488c6cfee) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Anuj Mittal <anuj.mittal@intel.com> 2019-08-19 21:47:08 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-09-30 16:44:42 +0100
commit: b3f4f862a76293ddb0310400777686c9424a6784 (patch)
tree: 9ef37a6425e9bdb62b01405093463059109367d9 /meta/recipes-devtools/binutils/binutils
parent: 6438f794f6196b3c68eb23ce381a40973ef292c1 (diff)
download: poky-b3f4f862a76293ddb0310400777686c9424a6784.tar.gz
2 files changed, 61 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-14250.patch b/meta/recipes-devtools/binutils/binutils/CVE-2019-14250.patch
new file mode 100644
index 0000000000..c915a832b0
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-14250.patch
@@ -0,0 +1,33 @@
+From df78be05daf4eb07f60f50ec1080cb979af32ec0 Mon Sep 17 00:00:00 2001
+From: marxin <marxin@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Tue, 23 Jul 2019 07:33:32 +0000
+Subject: [PATCH] libiberty: Check zero value shstrndx in simple-object-elf.c
+git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@273718 138bc75d-0d04-0410-961f-82ee72b054a4
+CVE: CVE-2019-14250
+Upstream-Status: Backport [from gcc: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=273718]
+[Removed Changelog entry]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+diff --git a/libiberty/simple-object-elf.c b/libiberty/simple-object-elf.c
+index 502388991a08..bdee963634d6 100644
+--- a/libiberty/simple-object-elf.c
+++ b/libiberty/simple-object-elf.c
+@@ -548,7 +548,15 @@ simple_object_elf_match (unsigned char header[SIMPLE_OBJECT_MATCH_HEADER_LEN],
+       XDELETE (eor);
+       return NULL;
+     }
+-
+  
+  if (eor->shstrndx == 0)
+    {
+      *errmsg = "invalid ELF shstrndx == 0";
+      *err = 0;
+      XDELETE (eor);
+      return NULL;
+    }
+  
+   return (void *) eor;
+ }
+ 
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-14444.patch b/meta/recipes-devtools/binutils/binutils/CVE-2019-14444.patch
new file mode 100644
index 0000000000..85b9a9f916
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-14444.patch
@@ -0,0 +1,28 @@
+From e17869db99195849826eaaf5d2d0eb2cfdd7a2a7 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 5 Aug 2019 10:40:35 +0100
+Subject: [PATCH] Catch potential integer overflow in readelf when processing
+ corrupt binaries.
+        PR 24829
+        * readelf.c (apply_relocations): Catch potential integer overflow
+        whilst checking reloc location against section size.
+CVE: CVE-2019-14444
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e17869db99195849826eaaf5d2d0eb2cfdd7a2a7]
+[Removed Changelog entry]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+diff --git a/binutils/readelf.c b/binutils/readelf.c
+index b896ad9f406..e785fde43e7 100644
+--- a/binutils/readelf.c
+++ b/binutils/readelf.c
+@@ -13366,7 +13366,7 @@ apply_relocations (Filedata *                 filedata,
+            }
+ 
+          rloc = start + rp->r_offset;
+-         if ((rloc + reloc_size) > end || (rloc < start))
+         if (rloc >= end || (rloc + reloc_size) > end || (rloc < start))
+            {
+              warn (_("skipping invalid relocation offset 0x%lx in section %s\n"),
+                    (unsigned long) rp->r_offset,
author	Anuj Mittal <anuj.mittal@intel.com>	2019-08-19 21:47:08 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2019-09-30 16:44:42 +0100
commit	b3f4f862a76293ddb0310400777686c9424a6784 (patch)
tree	9ef37a6425e9bdb62b01405093463059109367d9 /meta/recipes-devtools/binutils/binutils
parent	6438f794f6196b3c68eb23ce381a40973ef292c1 (diff)
download	poky-b3f4f862a76293ddb0310400777686c9424a6784.tar.gz

diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-14250.patch b/meta/recipes-devtools/binutils/binutils/CVE-2019-14250.patch new file mode 100644 index 0000000000..c915a832b0 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-14250.patch
@@ -0,0 +1,33 @@
	1	From df78be05daf4eb07f60f50ec1080cb979af32ec0 Mon Sep 17 00:00:00 2001
	2	From: marxin <marxin@138bc75d-0d04-0410-961f-82ee72b054a4>
	3	Date: Tue, 23 Jul 2019 07:33:32 +0000
	4	Subject: [PATCH] libiberty: Check zero value shstrndx in simple-object-elf.c
	5
	6	git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@273718 138bc75d-0d04-0410-961f-82ee72b054a4
	7
	8	CVE: CVE-2019-14250
	9	Upstream-Status: Backport [from gcc: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=273718]
	10	[Removed Changelog entry]
	11	Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
	12	---
	13	diff --git a/libiberty/simple-object-elf.c b/libiberty/simple-object-elf.c
	14	index 502388991a08..bdee963634d6 100644
	15	--- a/libiberty/simple-object-elf.c
	16	+++ b/libiberty/simple-object-elf.c
	17	@@ -548,7 +548,15 @@ simple_object_elf_match (unsigned char header[SIMPLE_OBJECT_MATCH_HEADER_LEN],
	18	XDELETE (eor);
	19	return NULL;
	20	}
	21	-
	22	+
	23	+ if (eor->shstrndx == 0)
	24	+ {
	25	+ *errmsg = "invalid ELF shstrndx == 0";
	26	+ *err = 0;
	27	+ XDELETE (eor);
	28	+ return NULL;
	29	+ }
	30	+
	31	return (void *) eor;
	32	}
	33


diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-14444.patch b/meta/recipes-devtools/binutils/binutils/CVE-2019-14444.patch new file mode 100644 index 0000000000..85b9a9f916 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-14444.patch
@@ -0,0 +1,28 @@
	1	From e17869db99195849826eaaf5d2d0eb2cfdd7a2a7 Mon Sep 17 00:00:00 2001
	2	From: Nick Clifton <nickc@redhat.com>
	3	Date: Mon, 5 Aug 2019 10:40:35 +0100
	4	Subject: [PATCH] Catch potential integer overflow in readelf when processing
	5	corrupt binaries.
	6
	7	PR 24829
	8	* readelf.c (apply_relocations): Catch potential integer overflow
	9	whilst checking reloc location against section size.
	10
	11	CVE: CVE-2019-14444
	12	Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e17869db99195849826eaaf5d2d0eb2cfdd7a2a7]
	13	[Removed Changelog entry]
	14	Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
	15	---
	16	diff --git a/binutils/readelf.c b/binutils/readelf.c
	17	index b896ad9f406..e785fde43e7 100644
	18	--- a/binutils/readelf.c
	19	+++ b/binutils/readelf.c
	20	@@ -13366,7 +13366,7 @@ apply_relocations (Filedata * filedata,
	21	}
	22
	23	rloc = start + rp->r_offset;
	24	- if ((rloc + reloc_size) > end \|\| (rloc < start))
	25	+ if (rloc >= end \|\| (rloc + reloc_size) > end \|\| (rloc < start))
	26	{
	27	warn (_("skipping invalid relocation offset 0x%lx in section %s\n"),
	28	(unsigned long) rp->r_offset,