author | Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> | 2018-08-22 17:11:46 +0530 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-08-29 15:23:51 +0100 |
commit | 2ef1650794724a6cd6b0a6ac44024bbc8ed824a6 (patch) | |
tree | 0aabdc07d435d3334a79b85a59431b36ab07c9bb /meta/recipes-devtools/qemu/qemu/CVE-2018-7550.patch | |
parent | 46d4ce537d9525a9eda357525d0d78e7b73851c7 (diff) | |
download | poky-2ef1650794724a6cd6b0a6ac44024bbc8ed824a6.tar.gz |
qemu: CVE-2018-7550
multiboot: bss_end_addr can be zero
The multiboot spec
(https://www.gnu.org/software/grub/manual/multiboot/),
section 3.1.3, allows for bss_end_addr to be zero.
A zero bss_end_addr signifies there is no .bss section.
Affects qemu < v2.12.0
(From OE-Core rev: 9f1d026168956e7bf45135577c123f7679a6ebba)
Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu/CVE-2018-7550.patch')
-rw-r--r-- | meta/recipes-devtools/qemu/qemu/CVE-2018-7550.patch | 62 |
1 files changed, 62 insertions, 0 deletions
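--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2018-7550.patch
@@ -0,0 +1,62 @@
+From 2a8fcd119eb7c6bb3837fc3669eb1b2dfb31daf8 Mon Sep 17 00:00:00 2001
+From: Jack Schwartz <jack.schwartz@oracle.com>
+Date: Thu, 21 Dec 2017 09:25:15 -0800
+Subject: [PATCH] multiboot: bss_end_addr can be zero
+
+The multiboot spec (https://www.gnu.org/software/grub/manual/multiboot/),
+section 3.1.3, allows for bss_end_addr to be zero.
+
+A zero bss_end_addr signifies there is no .bss section.
+
+CVE: CVE-2018-7550
+Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commitdiff;h=2a8fcd119eb7c6bb3837fc3669eb1b2dfb31daf8]
+
+Suggested-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Jack Schwartz <jack.schwartz@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+hw/i386/multiboot.c | 18 ++++++++++--------
+1 file changed, 10 insertions(+), 8 deletions(-)
+
+diff --git a/hw/i386/multiboot.c b/hw/i386/multiboot.c
+index 46d9c68bf5..bb8d8e4629 100644
+--- a/hw/i386/multiboot.c
++++ b/hw/i386/multiboot.c
+@@ -233,12 +233,6 @@ int load_multiboot(FWCfgState *fw_cfg,
+mh_entry_addr = ldl_p(header+i+28);
+
+if (mh_load_end_addr) {
+- if (mh_bss_end_addr < mh_load_addr) {
+- fprintf(stderr, "invalid mh_bss_end_addr address\n");
+- exit(1);
+- }
+- mb_kernel_size = mh_bss_end_addr - mh_load_addr;
+-
+if (mh_load_end_addr < mh_load_addr) {
+fprintf(stderr, "invalid mh_load_end_addr address\n");
+exit(1);
+@@ -249,8 +243,16 @@ int load_multiboot(FWCfgState *fw_cfg,
+fprintf(stderr, "invalid kernel_file_size\n");
+exit(1);
+}
+- mb_kernel_size = kernel_file_size - mb_kernel_text_offset;
+- mb_load_size = mb_kernel_size;
++ mb_load_size = kernel_file_size - mb_kernel_text_offset;
++ }
++ if (mh_bss_end_addr) {
++ if (mh_bss_end_addr < (mh_load_addr + mb_load_size)) {
++ fprintf(stderr, "invalid mh_bss_end_addr address\n");
++ exit(1);
++ }
++ mb_kernel_size = mh_bss_end_addr - mh_load_addr;
++ } else {
++ mb_kernel_size = mb_load_size;
+}
+
+/* Valid if mh_flags sets MULTIBOOT_HEADER_HAS_VBE.
+--
+2.13.3
+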
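Review bot: The new bounds check in the embedded hw/i386/multiboot.c hunk, `if (mh_bss_end_addr < (mh_load_addr + mb_load_size))`, adds two values taken from the kernel image before comparing. If they are 32-bit unsigned (their declarations are outside the hunk), the sum can wrap and the check would then accept a bss_end_addr that is inconsistent with the load range. A subtraction form avoids the wrap: `if (mh_bss_end_addr < mh_load_addr || mh_bss_end_addr - mh_load_addr < mb_load_size) {`. That would deviate from the upstream backport, so it is better raised upstream than changed in this recipe patch. Separately, the page's diffstat is limited to the new patch file, so confirm that the qemu recipe's SRC_URI lists CVE-2018-7550.patch; otherwise the fix is never applied at build time.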