diff options
author | Thiruvadi Rajaraman <trajaraman@mvista.com> | 2017-09-13 17:14:14 +0530 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-01-07 17:10:08 +0000 |
commit | fdee751f82a4299b0ac0bdc42708f6253e950505 (patch) | |
tree | 95b7390363ca0faec8acfe85b74d646d9fceb5f5 /meta/recipes-devtools | |
parent | 52bc287aca0fa756c5593cebcb86b7759cf78dd5 (diff) | |
download | poky-fdee751f82a4299b0ac0bdc42708f6253e950505.tar.gz |
binutils: CVE-2017-8421
Source: git://sourceware.org/git/binutils-gdb.git
MR: 74140
Type: Security Fix
Disposition: Backport from binutils-2_29
ChangeID: 5f6dd48c427de8663c5a80af6db44ce5c579d42c
Description:
Prevent memory exhaustion from a corrupt PE binary with an overlarge number of relocs.
PR 21440
* objdump.c (dump_relocs_in_section): Check for an excessive
number of relocs before attempting to dump them.
Affects: <= 2.29
Author: Alan Modra <amodra@gmail.com>
(From OE-Core rev: 09c642a70e2a12dcc01ffe45c333011a142c02a7)
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.27.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch | 51 |
2 files changed, 52 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc index 014655f7df..3e514fc042 100644 --- a/meta/recipes-devtools/binutils/binutils-2.27.inc +++ b/meta/recipes-devtools/binutils/binutils-2.27.inc | |||
@@ -72,6 +72,7 @@ SRC_URI = "\ | |||
72 | file://CVE-2017-8397.patch \ | 72 | file://CVE-2017-8397.patch \ |
73 | file://CVE-2017-7300.patch \ | 73 | file://CVE-2017-7300.patch \ |
74 | file://CVE-2017-8396.patch \ | 74 | file://CVE-2017-8396.patch \ |
75 | file://CVE-2017-8421.patch \ | ||
75 | " | 76 | " |
76 | S = "${WORKDIR}/git" | 77 | S = "${WORKDIR}/git" |
77 | 78 | ||
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch new file mode 100644 index 0000000000..da6e475828 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch | |||
@@ -0,0 +1,51 @@ | |||
1 | commit 39ff1b79f687b65f4144ddb379f22587003443fb | ||
2 | Author: Nick Clifton <nickc@redhat.com> | ||
3 | Date: Tue May 2 11:54:53 2017 +0100 | ||
4 | |||
5 | Prevent memory exhaustion from a corrupt PE binary with an overlarge number of relocs. | ||
6 | |||
7 | PR 21440 | ||
8 | * objdump.c (dump_relocs_in_section): Check for an excessive | ||
9 | number of relocs before attempting to dump them. | ||
10 | |||
11 | Upstream-Status: Backport | ||
12 | |||
13 | CVE: CVE-2017-8421 | ||
14 | Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> | ||
15 | |||
16 | Index: git/binutils/objdump.c | ||
17 | =================================================================== | ||
18 | --- git.orig/binutils/objdump.c 2017-09-05 11:34:23.140802515 +0530 | ||
19 | +++ git/binutils/objdump.c 2017-09-05 11:34:28.716824776 +0530 | ||
20 | @@ -3238,6 +3238,14 @@ | ||
21 | return; | ||
22 | } | ||
23 | |||
24 | + if ((bfd_get_file_flags (abfd) & (BFD_IN_MEMORY | BFD_LINKER_CREATED)) == 0 | ||
25 | + && relsize > get_file_size (bfd_get_filename (abfd))) | ||
26 | + { | ||
27 | + printf (" (too many: 0x%x)\n", section->reloc_count); | ||
28 | + bfd_set_error (bfd_error_file_truncated); | ||
29 | + bfd_fatal (bfd_get_filename (abfd)); | ||
30 | + } | ||
31 | + | ||
32 | relpp = (arelent **) xmalloc (relsize); | ||
33 | relcount = bfd_canonicalize_reloc (abfd, section, relpp, syms); | ||
34 | |||
35 | Index: git/binutils/ChangeLog | ||
36 | =================================================================== | ||
37 | --- git.orig/binutils/ChangeLog 2017-09-05 11:34:28.040822070 +0530 | ||
38 | +++ git/binutils/ChangeLog 2017-09-05 11:36:02.413217129 +0530 | ||
39 | @@ -4,6 +4,12 @@ | ||
40 | * rddbg.c (read_symbol_stabs_debugging_info): Check for an empty | ||
41 | string whilst concatenating symbol names. | ||
42 | |||
43 | +2017-05-02 Nick Clifton <nickc@redhat.com> | ||
44 | + | ||
45 | + PR 21440 | ||
46 | + * objdump.c (dump_relocs_in_section): Check for an excessive | ||
47 | + number of relocs before attempting to dump them. | ||
48 | + | ||
49 | 2017-02-14 Nick Clifton <nickc@redhat.com> | ||
50 | |||
51 | PR binutils/21157 | ||