summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools
diff options
context:
space:
mode:
authorZhixiong Chi <zhixiong.chi@windriver.com>2018-09-04 19:42:46 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-09-06 10:36:31 +0100
commita33c82de39e1835662b55ccd01dcdc1e25ffb21d (patch)
tree8ef1344f57c117aa49b101e8a0013fd79ae7a375 /meta/recipes-devtools
parentc05304f1eaf40df51c480abc293e6b0465bf91f6 (diff)
downloadpoky-a33c82de39e1835662b55ccd01dcdc1e25ffb21d.tar.gz
elfutils: CVE-2018-16062
Backport the CVE patch from the upstream: https://sourceware.org/git/?p=elfutils.git;a=commit; h=29e31978ba51c1051743a503ee325b5ebc03d7e9 (From OE-Core rev: bcca86fca317c16a8f6c138c7df369b944e50700) Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools')
-rw-r--r--meta/recipes-devtools/elfutils/elfutils_0.173.bb1
-rw-r--r--meta/recipes-devtools/elfutils/files/CVE-2018-16062.patch79
2 files changed, 80 insertions, 0 deletions
diff --git a/meta/recipes-devtools/elfutils/elfutils_0.173.bb b/meta/recipes-devtools/elfutils/elfutils_0.173.bb
index 03144dc842..2fec73dbdb 100644
--- a/meta/recipes-devtools/elfutils/elfutils_0.173.bb
+++ b/meta/recipes-devtools/elfutils/elfutils_0.173.bb
@@ -28,6 +28,7 @@ SRC_URI = "https://sourceware.org/elfutils/ftp/${PV}/${BP}.tar.bz2 \
28 file://debian/ignore_strmerge.diff \ 28 file://debian/ignore_strmerge.diff \
29 file://debian/0001-fix-gcc7-ftbfs.patch \ 29 file://debian/0001-fix-gcc7-ftbfs.patch \
30 file://debian/0001-disable_werror.patch \ 30 file://debian/0001-disable_werror.patch \
31 file://CVE-2018-16062.patch \
31 " 32 "
32SRC_URI_append_libc-musl = " file://0008-build-Provide-alternatives-for-glibc-assumptions-hel.patch" 33SRC_URI_append_libc-musl = " file://0008-build-Provide-alternatives-for-glibc-assumptions-hel.patch"
33 34
diff --git a/meta/recipes-devtools/elfutils/files/CVE-2018-16062.patch b/meta/recipes-devtools/elfutils/files/CVE-2018-16062.patch
new file mode 100644
index 0000000000..cfeb1ca13c
--- /dev/null
+++ b/meta/recipes-devtools/elfutils/files/CVE-2018-16062.patch
@@ -0,0 +1,79 @@
1From 29e31978ba51c1051743a503ee325b5ebc03d7e9 Mon Sep 17 00:00:00 2001
2From: Mark Wielaard <mark@klomp.org>
3Date: Sat, 18 Aug 2018 13:27:48 +0200
4Subject: [PATCH] libdw, readelf: Make sure there is enough data to read full
5 aranges header.
6
7dwarf_getaranges didn't check if there was enough data left to read both
8the address and segment size. readelf didn't check there was enough data
9left to read the segment size.
10
11https://sourceware.org/bugzilla/show_bug.cgi?id=23541
12
13CVE: CVE-2018-16062
14Upstream-Status: Backport
15
16Signed-off-by: Mark Wielaard <mark@klomp.org>
17---
18 libdw/ChangeLog | 5 +++++
19 libdw/dwarf_getaranges.c | 4 ++++
20 src/ChangeLog | 5 +++++
21 src/readelf.c | 2 ++
22 4 files changed, 16 insertions(+)
23
24diff --git a/libdw/ChangeLog b/libdw/ChangeLog
25index cb4f34e..472d922 100644
26--- a/libdw/ChangeLog
27+++ b/libdw/ChangeLog
28@@ -1,3 +1,8 @@
29+2018-08-18 Mark Wielaard <mark@klomp.org>
30+
31+ * dwarf_getaranges.c (dwarf_getaranges.c): Make sure there is enough
32+ data to read the address and segment size.
33+
34 2018-06-28 Mark Wielaard <mark@klomp.org>
35
36 * dwarf_next_cfi.c (dwarf_next_cfi): Check whether length is zero.
37diff --git a/libdw/dwarf_getaranges.c b/libdw/dwarf_getaranges.c
38index bff9c86..de5b81b 100644
39--- a/libdw/dwarf_getaranges.c
40+++ b/libdw/dwarf_getaranges.c
41@@ -148,6 +148,10 @@ dwarf_getaranges (Dwarf *dbg, Dwarf_Aranges **aranges, size_t *naranges)
42 length_bytes, &offset, IDX_debug_info, 4))
43 goto fail;
44
45+ /* Next up two bytes for address and segment size. */
46+ if (readp + 2 > readendp)
47+ goto invalid;
48+
49 unsigned int address_size = *readp++;
50 if (unlikely (address_size != 4 && address_size != 8))
51 goto invalid;
52diff --git a/src/ChangeLog b/src/ChangeLog
53index 8c89f83..2f9f774 100644
54--- a/src/ChangeLog
55+++ b/src/ChangeLog
56@@ -1,3 +1,8 @@
57+2018-08-18 Mark Wielaard <mark@klomp.org>
58+
59+ * readelf.c (print_debug_aranges_section): Make sure there is enough
60+ data to read the header segment size.
61+
62 2018-06-25 Mark Wielaard <mark@klomp.org>
63
64 * readelf.c (print_decoded_line_section): Use dwarf_next_lines
65diff --git a/src/readelf.c b/src/readelf.c
66index 7b5707f..7b488ac 100644
67--- a/src/readelf.c
68+++ b/src/readelf.c
69@@ -5447,6 +5447,8 @@ print_debug_aranges_section (Dwfl_Module *dwflmod __attribute__ ((unused)),
70 goto next_table;
71 }
72
73+ if (readp + 1 > readendp)
74+ goto invalid_data;
75 unsigned int segment_size = *readp++;
76 printf (gettext (" Segment size: %6" PRIu64 "\n\n"),
77 (uint64_t) segment_size);
78--
792.9.3