elfutils: CVE-2018-16062

Backport the CVE patch from the upstream: https://sourceware.org/git/?p=elfutils.git;a=commit; h=29e31978ba51c1051743a503ee325b5ebc03d7e9 (From OE-Core rev: bcca86fca317c16a8f6c138c7df369b944e50700) Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Zhixiong Chi <zhixiong.chi@windriver.com> 2018-09-04 19:42:46 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-09-06 10:36:31 +0100
commit: a33c82de39e1835662b55ccd01dcdc1e25ffb21d (patch)
tree: 8ef1344f57c117aa49b101e8a0013fd79ae7a375 /meta/recipes-devtools/elfutils/files
parent: c05304f1eaf40df51c480abc293e6b0465bf91f6 (diff)
download: poky-a33c82de39e1835662b55ccd01dcdc1e25ffb21d.tar.gz
1 files changed, 79 insertions, 0 deletions
diff --git a/meta/recipes-devtools/elfutils/files/CVE-2018-16062.patch b/meta/recipes-devtools/elfutils/files/CVE-2018-16062.patch
new file mode 100644
index 0000000000..cfeb1ca13c
--- /dev/null
+++ b/meta/recipes-devtools/elfutils/files/CVE-2018-16062.patch
@@ -0,0 +1,79 @@
+From 29e31978ba51c1051743a503ee325b5ebc03d7e9 Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Sat, 18 Aug 2018 13:27:48 +0200
+Subject: [PATCH] libdw, readelf: Make sure there is enough data to read full
+ aranges header.
+dwarf_getaranges didn't check if there was enough data left to read both
+the address and segment size. readelf didn't check there was enough data
+left to read the segment size.
+https://sourceware.org/bugzilla/show_bug.cgi?id=23541
+CVE: CVE-2018-16062
+Upstream-Status: Backport
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+---
+ libdw/ChangeLog          | 5 +++++
+ libdw/dwarf_getaranges.c | 4 ++++
+ src/ChangeLog            | 5 +++++
+ src/readelf.c            | 2 ++
+ 4 files changed, 16 insertions(+)
+diff --git a/libdw/ChangeLog b/libdw/ChangeLog
+index cb4f34e..472d922 100644
+--- a/libdw/ChangeLog
+++ b/libdw/ChangeLog
+@@ -1,3 +1,8 @@
+2018-08-18  Mark Wielaard  <mark@klomp.org>
+
+       * dwarf_getaranges.c (dwarf_getaranges.c): Make sure there is enough
+       data to read the address and segment size.
+
+ 2018-06-28  Mark Wielaard  <mark@klomp.org>
+ 
+        * dwarf_next_cfi.c (dwarf_next_cfi): Check whether length is zero.
+diff --git a/libdw/dwarf_getaranges.c b/libdw/dwarf_getaranges.c
+index bff9c86..de5b81b 100644
+--- a/libdw/dwarf_getaranges.c
+++ b/libdw/dwarf_getaranges.c
+@@ -148,6 +148,10 @@ dwarf_getaranges (Dwarf *dbg, Dwarf_Aranges **aranges, size_t *naranges)
+                                   length_bytes, &offset, IDX_debug_info, 4))
+        goto fail;
+ 
+      /* Next up two bytes for address and segment size.  */
+      if (readp + 2 > readendp)
+       goto invalid;
+
+       unsigned int address_size = *readp++;
+       if (unlikely (address_size != 4 && address_size != 8))
+        goto invalid;
+diff --git a/src/ChangeLog b/src/ChangeLog
+index 8c89f83..2f9f774 100644
+--- a/src/ChangeLog
+++ b/src/ChangeLog
+@@ -1,3 +1,8 @@
+2018-08-18  Mark Wielaard  <mark@klomp.org>
+
+       * readelf.c (print_debug_aranges_section): Make sure there is enough
+       data to read the header segment size.
+
+ 2018-06-25  Mark Wielaard  <mark@klomp.org>
+ 
+        * readelf.c (print_decoded_line_section): Use dwarf_next_lines
+diff --git a/src/readelf.c b/src/readelf.c
+index 7b5707f..7b488ac 100644
+--- a/src/readelf.c
+++ b/src/readelf.c
+@@ -5447,6 +5447,8 @@ print_debug_aranges_section (Dwfl_Module *dwflmod __attribute__ ((unused)),
+          goto next_table;
+        }
+ 
+      if (readp + 1 > readendp)
+       goto invalid_data;
+       unsigned int segment_size = *readp++;
+       printf (gettext (" Segment size:  %6" PRIu64 "\n\n"),
+              (uint64_t) segment_size);
+-- 
+2.9.3
author	Zhixiong Chi <zhixiong.chi@windriver.com>	2018-09-04 19:42:46 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-09-06 10:36:31 +0100
commit	a33c82de39e1835662b55ccd01dcdc1e25ffb21d (patch)
tree	8ef1344f57c117aa49b101e8a0013fd79ae7a375 /meta/recipes-devtools/elfutils/files
parent	c05304f1eaf40df51c480abc293e6b0465bf91f6 (diff)
download	poky-a33c82de39e1835662b55ccd01dcdc1e25ffb21d.tar.gz

diff --git a/meta/recipes-devtools/elfutils/files/CVE-2018-16062.patch b/meta/recipes-devtools/elfutils/files/CVE-2018-16062.patch new file mode 100644 index 0000000000..cfeb1ca13c --- /dev/null +++ b/meta/recipes-devtools/elfutils/files/CVE-2018-16062.patch
@@ -0,0 +1,79 @@
	1	From 29e31978ba51c1051743a503ee325b5ebc03d7e9 Mon Sep 17 00:00:00 2001
	2	From: Mark Wielaard <mark@klomp.org>
	3	Date: Sat, 18 Aug 2018 13:27:48 +0200
	4	Subject: [PATCH] libdw, readelf: Make sure there is enough data to read full
	5	aranges header.
	6
	7	dwarf_getaranges didn't check if there was enough data left to read both
	8	the address and segment size. readelf didn't check there was enough data
	9	left to read the segment size.
	10
	11	https://sourceware.org/bugzilla/show_bug.cgi?id=23541
	12
	13	CVE: CVE-2018-16062
	14	Upstream-Status: Backport
	15
	16	Signed-off-by: Mark Wielaard <mark@klomp.org>
	17	---
	18	libdw/ChangeLog \| 5 +++++
	19	libdw/dwarf_getaranges.c \| 4 ++++
	20	src/ChangeLog \| 5 +++++
	21	src/readelf.c \| 2 ++
	22	4 files changed, 16 insertions(+)
	23
	24	diff --git a/libdw/ChangeLog b/libdw/ChangeLog
	25	index cb4f34e..472d922 100644
	26	--- a/libdw/ChangeLog
	27	+++ b/libdw/ChangeLog
	28	@@ -1,3 +1,8 @@
	29	+2018-08-18 Mark Wielaard <mark@klomp.org>
	30	+
	31	+ * dwarf_getaranges.c (dwarf_getaranges.c): Make sure there is enough
	32	+ data to read the address and segment size.
	33	+
	34	2018-06-28 Mark Wielaard <mark@klomp.org>
	35
	36	* dwarf_next_cfi.c (dwarf_next_cfi): Check whether length is zero.
	37	diff --git a/libdw/dwarf_getaranges.c b/libdw/dwarf_getaranges.c
	38	index bff9c86..de5b81b 100644
	39	--- a/libdw/dwarf_getaranges.c
	40	+++ b/libdw/dwarf_getaranges.c
	41	@@ -148,6 +148,10 @@ dwarf_getaranges (Dwarf dbg, Dwarf_Aranges aranges, size_t naranges)
	42	length_bytes, &offset, IDX_debug_info, 4))
	43	goto fail;
	44
	45	+ /* Next up two bytes for address and segment size. */
	46	+ if (readp + 2 > readendp)
	47	+ goto invalid;
	48	+
	49	unsigned int address_size = *readp++;
	50	if (unlikely (address_size != 4 && address_size != 8))
	51	goto invalid;
	52	diff --git a/src/ChangeLog b/src/ChangeLog
	53	index 8c89f83..2f9f774 100644
	54	--- a/src/ChangeLog
	55	+++ b/src/ChangeLog
	56	@@ -1,3 +1,8 @@
	57	+2018-08-18 Mark Wielaard <mark@klomp.org>
	58	+
	59	+ * readelf.c (print_debug_aranges_section): Make sure there is enough
	60	+ data to read the header segment size.
	61	+
	62	2018-06-25 Mark Wielaard <mark@klomp.org>
	63
	64	* readelf.c (print_decoded_line_section): Use dwarf_next_lines
	65	diff --git a/src/readelf.c b/src/readelf.c
	66	index 7b5707f..7b488ac 100644
	67	--- a/src/readelf.c
	68	+++ b/src/readelf.c
	69	@@ -5447,6 +5447,8 @@ print_debug_aranges_section (Dwfl_Module *dwflmod __attribute__ ((unused)),
	70	goto next_table;
	71	}
	72
	73	+ if (readp + 1 > readendp)
	74	+ goto invalid_data;
	75	unsigned int segment_size = *readp++;
	76	printf (gettext (" Segment size: %6" PRIu64 "\n\n"),
	77	(uint64_t) segment_size);
	78	--
	79	2.9.3