summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools
diff options
context:
space:
mode:
authorArmin Kuster <akuster@mvista.com>2018-08-06 14:16:09 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-08-15 10:22:45 +0100
commitb38088da6a8685d934c772fe864d16e952c0c0b9 (patch)
tree565426dec761a38729267af21fca3caa3af623a4 /meta/recipes-devtools
parent6e01f789947809c3039ea5ff9bdff05d1142cd25 (diff)
downloadpoky-b38088da6a8685d934c772fe864d16e952c0c0b9.tar.gz
binutls: Security fix for CVE-2017-14938
Affects: <= 2.29.1 (From OE-Core rev: 45de3690367c8e0adf443a2f2630ecf8791789d6) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools')
-rw-r--r--meta/recipes-devtools/binutils/binutils-2.29.1.inc1
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-14938.patch64
2 files changed, 65 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.29.1.inc b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
index 1962f5c303..c7c755fcb3 100644
--- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
@@ -41,6 +41,7 @@ SRC_URI = "\
41 file://CVE-2017-14933_p1.patch \ 41 file://CVE-2017-14933_p1.patch \
42 file://CVE-2017-14933_p2.patch \ 42 file://CVE-2017-14933_p2.patch \
43 file://CVE-2017-14934.patch \ 43 file://CVE-2017-14934.patch \
44 file://CVE-2017-14938.patch \
44" 45"
45S = "${WORKDIR}/git" 46S = "${WORKDIR}/git"
46 47
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14938.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14938.patch
new file mode 100644
index 0000000000..e62c73c06d
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14938.patch
@@ -0,0 +1,64 @@
1From bd61e135492ecf624880e6b78e5fcde3c9716df6 Mon Sep 17 00:00:00 2001
2From: Alan Modra <amodra@gmail.com>
3Date: Sun, 24 Sep 2017 14:34:57 +0930
4Subject: [PATCH] PR22166, SHT_GNU_verneed memory allocation
5
6The sanity check covers the previous minimim size, plus that the size
7is at least enough for sh_info verneed entries.
8
9Also, since we write all verneed fields or exit with an error, there
10isn't any need to zero the memory allocated for verneed entries.
11
12 PR 22166
13 * elf.c (_bfd_elf_slurp_version_tables): Test sh_info on
14 SHT_GNU_verneed section for sanity. Don't zalloc memory for
15 verref.
16
17Upstream-Status: Backport
18Affects: <= 2.29.1
19CVE: CVE-2017-14938
20Signed-off-by: Armin Kuster <akuster@mvista.com>
21
22---
23 bfd/ChangeLog | 7 +++++++
24 bfd/elf.c | 5 +++--
25 2 files changed, 10 insertions(+), 2 deletions(-)
26
27Index: git/bfd/elf.c
28===================================================================
29--- git.orig/bfd/elf.c
30+++ git/bfd/elf.c
31@@ -8198,7 +8198,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd
32
33 hdr = &elf_tdata (abfd)->dynverref_hdr;
34
35- if (hdr->sh_info == 0 || hdr->sh_size < sizeof (Elf_External_Verneed))
36+ if (hdr->sh_info == 0
37+ || hdr->sh_info > hdr->sh_size / sizeof (Elf_External_Verneed))
38 {
39 error_return_bad_verref:
40 _bfd_error_handler
41@@ -8219,7 +8220,7 @@ error_return_verref:
42 goto error_return_verref;
43
44 elf_tdata (abfd)->verref = (Elf_Internal_Verneed *)
45- bfd_zalloc2 (abfd, hdr->sh_info, sizeof (Elf_Internal_Verneed));
46+ bfd_alloc2 (abfd, hdr->sh_info, sizeof (Elf_Internal_Verneed));
47
48 if (elf_tdata (abfd)->verref == NULL)
49 goto error_return_verref;
50Index: git/bfd/ChangeLog
51===================================================================
52--- git.orig/bfd/ChangeLog
53+++ git/bfd/ChangeLog
54@@ -1,3 +1,10 @@
55+2017-09-24 Alan Modra <amodra@gmail.com>
56+
57+ PR 22166
58+ * elf.c (_bfd_elf_slurp_version_tables): Test sh_info on
59+ SHT_GNU_verneed section for sanity. Don't zalloc memory for
60+ verref.
61+
62 2017-09-26 Alan Modra <amodra@gmail.com>
63
64 PR 22210