summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/binutils
diff options
context:
space:
mode:
authorArmin Kuster <akuster@mvista.com>2018-08-06 14:09:04 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-08-15 10:22:45 +0100
commit6e01f789947809c3039ea5ff9bdff05d1142cd25 (patch)
tree599e16fe207eb5306100ab108c309ab1597387b1 /meta/recipes-devtools/binutils
parent9be7b4f3db6243fc2a557ad63543173f2b1f5d86 (diff)
downloadpoky-6e01f789947809c3039ea5ff9bdff05d1142cd25.tar.gz
binutls: Security fix CVE-2017-14934
Affects: <= 2.29.1 (From OE-Core rev: b7715d4782cf956c198eaa6b43a6bf11fe8ece7c) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/binutils')
-rw-r--r--meta/recipes-devtools/binutils/binutils-2.29.1.inc1
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-14934.patch63
2 files changed, 64 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.29.1.inc b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
index 78b5249ee1..1962f5c303 100644
--- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
@@ -40,6 +40,7 @@ SRC_URI = "\
40 file://CVE-2017-14932.patch \ 40 file://CVE-2017-14932.patch \
41 file://CVE-2017-14933_p1.patch \ 41 file://CVE-2017-14933_p1.patch \
42 file://CVE-2017-14933_p2.patch \ 42 file://CVE-2017-14933_p2.patch \
43 file://CVE-2017-14934.patch \
43" 44"
44S = "${WORKDIR}/git" 45S = "${WORKDIR}/git"
45 46
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14934.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14934.patch
new file mode 100644
index 0000000000..57733f08cf
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14934.patch
@@ -0,0 +1,63 @@
1From 19485196044b2521af979f1e5c4a89bfb90fba0b Mon Sep 17 00:00:00 2001
2From: Nick Clifton <nickc@redhat.com>
3Date: Wed, 27 Sep 2017 10:42:51 +0100
4Subject: [PATCH] Prevent an infinite loop in the DWARF parsing code when
5 encountering a CU structure with a small negative size.
6
7 PR 22219
8 * dwarf.c (process_debug_info): Add a check for a negative
9 cu_length field.
10
11Upstream-Status: Backport
12Affects: <= 2.29.1
13CVE: CVE-2017-14934
14Signed-off-by: Armin Kuster <akuster@mvista.com>
15
16---
17 binutils/ChangeLog | 6 ++++++
18 binutils/dwarf.c | 11 ++++++++++-
19 2 files changed, 16 insertions(+), 1 deletion(-)
20
21Index: git/binutils/dwarf.c
22===================================================================
23--- git.orig/binutils/dwarf.c
24+++ git/binutils/dwarf.c
25@@ -2547,7 +2547,7 @@ process_debug_info (struct dwarf_section
26 int level, last_level, saved_level;
27 dwarf_vma cu_offset;
28 unsigned int offset_size;
29- int initial_length_size;
30+ unsigned int initial_length_size;
31 dwarf_vma signature_high = 0;
32 dwarf_vma signature_low = 0;
33 dwarf_vma type_offset = 0;
34@@ -2695,6 +2695,15 @@ process_debug_info (struct dwarf_section
35 num_units = unit;
36 break;
37 }
38+ else if (compunit.cu_length + initial_length_size < initial_length_size)
39+ {
40+ warn (_("Debug info is corrupted, length of CU at %s is negative (%s)\n"),
41+ dwarf_vmatoa ("x", cu_offset),
42+ dwarf_vmatoa ("x", compunit.cu_length));
43+ num_units = unit;
44+ break;
45+ }
46+
47 tags = hdrptr;
48 start += compunit.cu_length + initial_length_size;
49
50Index: git/binutils/ChangeLog
51===================================================================
52--- git.orig/binutils/ChangeLog
53+++ git/binutils/ChangeLog
54@@ -1,3 +1,9 @@
55+2017-09-27 Nick Clifton <nickc@redhat.com>
56+
57+ PR 22219
58+ * dwarf.c (process_debug_info): Add a check for a negative
59+ cu_length field.
60+
61 2017-11-01 Alan Modra <amodra@gmail.com>
62
63 Apply from master