binutls: Security fix for CVE-2017-17080

Affects: <= 2.29.1 (From OE-Core rev: 238a0a40a7835226dd25134e88f830683f60dac3) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster@mvista.com> 2018-08-07 16:33:02 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-08-15 10:22:45 +0100
commit: ad4d04429ac4f8b19f04b4c439ee6e815e699136 (patch)
tree: 53c7fa8216a00b9b5a3701359367dce0f3b06023 /meta/recipes-devtools/binutils
parent: 1abb9cc58e4be1c5de0e763b3cc34c3e0640679d (diff)
download: poky-ad4d04429ac4f8b19f04b4c439ee6e815e699136.tar.gz
2 files changed, 79 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.29.1.inc b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
index 6611fdc3a6..2a713caf5d 100644
--- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
@@ -60,6 +60,7 @@ SRC_URI = "\
     file://CVE-2017-16830.patch \
     file://CVE-2017-16831.patch \
     file://CVE-2017-16832.patch \
+     file://CVE-2017-17080.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-17080.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-17080.patch
new file mode 100644
index 0000000000..611a276def
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-17080.patch
@@ -0,0 +1,78 @@
+From 80a0437873045cc08753fcac4af154e2931a99fd Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Thu, 16 Nov 2017 14:53:32 +0000
+Subject: [PATCH] Prevent illegal memory accesses when parsing incorrecctly
+ formated core notes.
+        PR 22421
+        * elf.c (elfcore_grok_netbsd_procinfo): Check that the note is big enough.
+        (elfcore_grok_openbsd_procinfo): Likewise.
+        (elfcore_grok_nto_status): Likewise.
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-17080 
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ bfd/ChangeLog |  7 +++++++
+ bfd/elf.c     | 10 ++++++++++
+ 2 files changed, 17 insertions(+)
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c
+++ git/bfd/elf.c
+@@ -9862,6 +9862,7 @@ elfcore_grok_freebsd_psinfo (bfd *abfd,
+   /* Check for version 1 in pr_version.  */
+   if (bfd_h_get_32 (abfd, (bfd_byte *) note->descdata) != 1)
+     return FALSE;
+
+   offset = 4;
+ 
+   /* Skip over pr_psinfosz. */
+@@ -10030,6 +10031,9 @@ elfcore_netbsd_get_lwpid (Elf_Internal_N
+ static bfd_boolean
+ elfcore_grok_netbsd_procinfo (bfd *abfd, Elf_Internal_Note *note)
+ {
+  if (note->descsz <= 0x7c + 31)
+    return FALSE;
+
+   /* Signal number at offset 0x08. */
+   elf_tdata (abfd)->core->signal
+     = bfd_h_get_32 (abfd, (bfd_byte *) note->descdata + 0x08);
+@@ -10114,6 +10118,9 @@ elfcore_grok_netbsd_note (bfd *abfd, Elf
+ static bfd_boolean
+ elfcore_grok_openbsd_procinfo (bfd *abfd, Elf_Internal_Note *note)
+ {
+  if (note->descsz <= 0x48 + 31)
+    return FALSE;
+
+   /* Signal number at offset 0x08. */
+   elf_tdata (abfd)->core->signal
+     = bfd_h_get_32 (abfd, (bfd_byte *) note->descdata + 0x08);
+@@ -10185,6 +10192,9 @@ elfcore_grok_nto_status (bfd *abfd, Elf_
+   short sig;
+   unsigned flags;
+ 
+  if (note->descsz < 16)
+    return FALSE;
+
+   /* nto_procfs_status 'pid' field is at offset 0.  */
+   elf_tdata (abfd)->core->pid = bfd_get_32 (abfd, (bfd_byte *) ddata);
+ 
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
+++ git/bfd/ChangeLog
+@@ -1,3 +1,10 @@
+2017-11-16  Nick Clifton  <nickc@redhat.com>
+ 
+       PR 22421
+       * elf.c (elfcore_grok_netbsd_procinfo): Check that the note is big enough.
+       (elfcore_grok_openbsd_procinfo): Likewise.
+       (elfcore_grok_nto_status): Likewise.
+
+ 2017-10-31  Nick Clifton  <nickc@redhat.com>
+ 
+        PR 22373
author	Armin Kuster <akuster@mvista.com>	2018-08-07 16:33:02 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-08-15 10:22:45 +0100
commit	ad4d04429ac4f8b19f04b4c439ee6e815e699136 (patch)
tree	53c7fa8216a00b9b5a3701359367dce0f3b06023 /meta/recipes-devtools/binutils
parent	1abb9cc58e4be1c5de0e763b3cc34c3e0640679d (diff)
download	poky-ad4d04429ac4f8b19f04b4c439ee6e815e699136.tar.gz

diff --git a/meta/recipes-devtools/binutils/binutils-2.29.1.inc b/meta/recipes-devtools/binutils/binutils-2.29.1.inc index 6611fdc3a6..2a713caf5d 100644 --- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc +++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
@@ -60,6 +60,7 @@ SRC_URI = "\
60	file://CVE-2017-16830.patch \	60	file://CVE-2017-16830.patch \
61	file://CVE-2017-16831.patch \	61	file://CVE-2017-16831.patch \
62	file://CVE-2017-16832.patch \	62	file://CVE-2017-16832.patch \
		63	file://CVE-2017-17080.patch \
63	"	64	"
64	S = "${WORKDIR}/git"	65	S = "${WORKDIR}/git"
65		66


diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-17080.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-17080.patch new file mode 100644 index 0000000000..611a276def --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-17080.patch
@@ -0,0 +1,78 @@
		1	From 80a0437873045cc08753fcac4af154e2931a99fd Mon Sep 17 00:00:00 2001
		2	From: Nick Clifton <nickc@redhat.com>
		3	Date: Thu, 16 Nov 2017 14:53:32 +0000
		4	Subject: [PATCH] Prevent illegal memory accesses when parsing incorrecctly
		5	formated core notes.
		6
		7	PR 22421
		8	* elf.c (elfcore_grok_netbsd_procinfo): Check that the note is big enough.
		9	(elfcore_grok_openbsd_procinfo): Likewise.
		10	(elfcore_grok_nto_status): Likewise.
		11
		12	Upstream-Status: Backport
		13	Affects: <= 2.29.1
		14	CVE: CVE-2017-17080
		15	Signed-off-by: Armin Kuster <akuster@mvista.com>
		16
		17	---
		18	bfd/ChangeLog \| 7 +++++++
		19	bfd/elf.c \| 10 ++++++++++
		20	2 files changed, 17 insertions(+)
		21
		22	Index: git/bfd/elf.c
		23	===================================================================
		24	--- git.orig/bfd/elf.c
		25	+++ git/bfd/elf.c
		26	@@ -9862,6 +9862,7 @@ elfcore_grok_freebsd_psinfo (bfd *abfd,
		27	/* Check for version 1 in pr_version. */
		28	if (bfd_h_get_32 (abfd, (bfd_byte *) note->descdata) != 1)
		29	return FALSE;
		30	+
		31	offset = 4;
		32
		33	/* Skip over pr_psinfosz. */
		34	@@ -10030,6 +10031,9 @@ elfcore_netbsd_get_lwpid (Elf_Internal_N
		35	static bfd_boolean
		36	elfcore_grok_netbsd_procinfo (bfd abfd, Elf_Internal_Note note)
		37	{
		38	+ if (note->descsz <= 0x7c + 31)
		39	+ return FALSE;
		40	+
		41	/* Signal number at offset 0x08. */
		42	elf_tdata (abfd)->core->signal
		43	= bfd_h_get_32 (abfd, (bfd_byte *) note->descdata + 0x08);
		44	@@ -10114,6 +10118,9 @@ elfcore_grok_netbsd_note (bfd *abfd, Elf
		45	static bfd_boolean
		46	elfcore_grok_openbsd_procinfo (bfd abfd, Elf_Internal_Note note)
		47	{
		48	+ if (note->descsz <= 0x48 + 31)
		49	+ return FALSE;
		50	+
		51	/* Signal number at offset 0x08. */
		52	elf_tdata (abfd)->core->signal
		53	= bfd_h_get_32 (abfd, (bfd_byte *) note->descdata + 0x08);
		54	@@ -10185,6 +10192,9 @@ elfcore_grok_nto_status (bfd *abfd, Elf_
		55	short sig;
		56	unsigned flags;
		57
		58	+ if (note->descsz < 16)
		59	+ return FALSE;
		60	+
		61	/* nto_procfs_status 'pid' field is at offset 0. */
		62	elf_tdata (abfd)->core->pid = bfd_get_32 (abfd, (bfd_byte *) ddata);
		63
		64	Index: git/bfd/ChangeLog
		65	===================================================================
		66	--- git.orig/bfd/ChangeLog
		67	+++ git/bfd/ChangeLog
		68	@@ -1,3 +1,10 @@
		69	+2017-11-16 Nick Clifton <nickc@redhat.com>
		70	+
		71	+ PR 22421
		72	+ * elf.c (elfcore_grok_netbsd_procinfo): Check that the note is big enough.
		73	+ (elfcore_grok_openbsd_procinfo): Likewise.
		74	+ (elfcore_grok_nto_status): Likewise.
		75	+
		76	2017-10-31 Nick Clifton <nickc@redhat.com>
		77
		78	PR 22373