summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/binutils
diff options
context:
space:
mode:
authorAnuj Mittal <anuj.mittal@intel.com>2019-08-19 21:43:11 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2019-08-21 21:52:59 +0100
commit7ef44dbd3b99a2150b552cbe8941dd592197eb43 (patch)
treede74e25485d458c8fe2355b7eff8cd6289abe4ac /meta/recipes-devtools/binutils
parenteaa58d850adde0460697ab44653a5a99cb58ccc2 (diff)
downloadpoky-7ef44dbd3b99a2150b552cbe8941dd592197eb43.tar.gz
binutils: fix CVE-2019-14250 CVE-2019-14444
(From OE-Core rev: abdc51527988afdcfd2db6dc08ebb6083a341be9) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/binutils')
-rw-r--r--meta/recipes-devtools/binutils/binutils-2.32.inc2
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2019-14250.patch33
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2019-14444.patch28
3 files changed, 63 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.32.inc b/meta/recipes-devtools/binutils/binutils-2.32.inc
index 31c24a37f5..d3c52936d1 100644
--- a/meta/recipes-devtools/binutils/binutils-2.32.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.32.inc
@@ -50,6 +50,8 @@ SRC_URI = "\
50 file://CVE-2019-9077.patch \ 50 file://CVE-2019-9077.patch \
51 file://CVE-2019-9071.patch \ 51 file://CVE-2019-9071.patch \
52 file://CVE-2019-12972.patch \ 52 file://CVE-2019-12972.patch \
53 file://CVE-2019-14250.patch \
54 file://CVE-2019-14444.patch \
53" 55"
54S = "${WORKDIR}/git" 56S = "${WORKDIR}/git"
55 57
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-14250.patch b/meta/recipes-devtools/binutils/binutils/CVE-2019-14250.patch
new file mode 100644
index 0000000000..c915a832b0
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-14250.patch
@@ -0,0 +1,33 @@
1From df78be05daf4eb07f60f50ec1080cb979af32ec0 Mon Sep 17 00:00:00 2001
2From: marxin <marxin@138bc75d-0d04-0410-961f-82ee72b054a4>
3Date: Tue, 23 Jul 2019 07:33:32 +0000
4Subject: [PATCH] libiberty: Check zero value shstrndx in simple-object-elf.c
5
6git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@273718 138bc75d-0d04-0410-961f-82ee72b054a4
7
8CVE: CVE-2019-14250
9Upstream-Status: Backport [from gcc: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=273718]
10[Removed Changelog entry]
11Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
12---
13diff --git a/libiberty/simple-object-elf.c b/libiberty/simple-object-elf.c
14index 502388991a08..bdee963634d6 100644
15--- a/libiberty/simple-object-elf.c
16+++ b/libiberty/simple-object-elf.c
17@@ -548,7 +548,15 @@ simple_object_elf_match (unsigned char header[SIMPLE_OBJECT_MATCH_HEADER_LEN],
18 XDELETE (eor);
19 return NULL;
20 }
21-
22+
23+ if (eor->shstrndx == 0)
24+ {
25+ *errmsg = "invalid ELF shstrndx == 0";
26+ *err = 0;
27+ XDELETE (eor);
28+ return NULL;
29+ }
30+
31 return (void *) eor;
32 }
33
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-14444.patch b/meta/recipes-devtools/binutils/binutils/CVE-2019-14444.patch
new file mode 100644
index 0000000000..85b9a9f916
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-14444.patch
@@ -0,0 +1,28 @@
1From e17869db99195849826eaaf5d2d0eb2cfdd7a2a7 Mon Sep 17 00:00:00 2001
2From: Nick Clifton <nickc@redhat.com>
3Date: Mon, 5 Aug 2019 10:40:35 +0100
4Subject: [PATCH] Catch potential integer overflow in readelf when processing
5 corrupt binaries.
6
7 PR 24829
8 * readelf.c (apply_relocations): Catch potential integer overflow
9 whilst checking reloc location against section size.
10
11CVE: CVE-2019-14444
12Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e17869db99195849826eaaf5d2d0eb2cfdd7a2a7]
13[Removed Changelog entry]
14Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
15---
16diff --git a/binutils/readelf.c b/binutils/readelf.c
17index b896ad9f406..e785fde43e7 100644
18--- a/binutils/readelf.c
19+++ b/binutils/readelf.c
20@@ -13366,7 +13366,7 @@ apply_relocations (Filedata * filedata,
21 }
22
23 rloc = start + rp->r_offset;
24- if ((rloc + reloc_size) > end || (rloc < start))
25+ if (rloc >= end || (rloc + reloc_size) > end || (rloc < start))
26 {
27 warn (_("skipping invalid relocation offset 0x%lx in section %s\n"),
28 (unsigned long) rp->r_offset,