binutils: CVE-2017-14729

Source: binutils-gdb.git MR: 76278 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: 05de8bcd22d8d0b54badcd3826cd370b3aed81de Description: x86: Guard against corrupted PLT There should be only one entry in PLT for a given symbol. Set howto to NULL after processing a PLT entry to guard against corrupted PLT so that the duplicated PLT entries are skipped. PR binutils/22170 Affects: <= 2.29 (From OE-Core rev: 51fc4c8d86bc7c567794305bcc08e5054e9e204a) Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Thiruvadi Rajaraman <trajaraman@mvista.com> 2017-11-08 12:38:06 +0530
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-01-07 17:10:09 +0000
commit: 05281ec4a64e22b2c8fcaa153e0f03464800092c (patch)
tree: 8270ab6dcf0ced91d3c14e422822c64ecf12fec2 /meta/recipes-devtools
parent: e7f53f5fe5f5977c2f5fe206052e8c6d0b3bd1a2 (diff)
download: poky-05281ec4a64e22b2c8fcaa153e0f03464800092c.tar.gz
2 files changed, 46 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc
index b38a9583cf..b1669a4ef0 100644
--- a/meta/recipes-devtools/binutils/binutils-2.27.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -100,6 +100,7 @@ SRC_URI = "\
     file://CVE-2017-9955_7.patch \
     file://CVE-2017-9955_8.patch \
     file://CVE-2017-9955_9.patch \
+     file://CVE-2017-14729.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14729.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14729.patch
new file mode 100644
index 0000000000..09d5143829
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14729.patch
@@ -0,0 +1,45 @@
+commit 61e3bf5f83f7e505b6bc51ef65426e5b31e6e360
+Author: H.J. Lu <hjl.tools@gmail.com>
+Date:   Fri Sep 22 14:15:40 2017 -0700
+x86: Guard against corrupted PLT
+There should be only one entry in PLT for a given symbol.  Set howto to
+NULL after processing a PLT entry to guard against corrupted PLT so that
+the duplicated PLT entries are skipped.
+PR binutils/22170
+Upstream-Status: Backport
+CVE: CVE-2017-14729
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+Index: git/bfd/elf-ifunc.c
+===================================================================
+--- git.orig/bfd/elf-ifunc.c    2017-11-08 12:34:22.063320490 +0530
+++ git/bfd/elf-ifunc.c 2017-11-08 12:34:29.995404891 +0530
+@@ -473,6 +473,10 @@
+       memcpy (names, "@plt", sizeof ("@plt"));
+       names += sizeof ("@plt");
+       ++s, ++n;
+      /* There should be only one entry in PLT for a given 
+         symbol.  Set howto to NULL after processing a PLT 
+         entry to guard against corrupted PLT.  */
+      p->howto = NULL; 
+     }
+ 
+   free (plt_sym_val);
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog      2017-11-08 12:34:29.939404297 +0530
+++ git/bfd/ChangeLog   2017-11-08 12:35:55.660271599 +0530
+@@ -1,3 +1,9 @@
+2017-09-22  H.J. Lu  <hongjiu.lu@intel.com>
+
+       PR binutils/22170
+       * elf-ifunc.c (elf_get_synthetic_symtab): Guard against
+       corrupted PLT.
+
+ 2017-07-27  Nick Clifton  <nickc@redhat.com>
+ 
+        PR 21840
author	Thiruvadi Rajaraman <trajaraman@mvista.com>	2017-11-08 12:38:06 +0530
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-01-07 17:10:09 +0000
commit	05281ec4a64e22b2c8fcaa153e0f03464800092c (patch)
tree	8270ab6dcf0ced91d3c14e422822c64ecf12fec2 /meta/recipes-devtools
parent	e7f53f5fe5f5977c2f5fe206052e8c6d0b3bd1a2 (diff)
download	poky-05281ec4a64e22b2c8fcaa153e0f03464800092c.tar.gz

diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc index b38a9583cf..b1669a4ef0 100644 --- a/meta/recipes-devtools/binutils/binutils-2.27.inc +++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -100,6 +100,7 @@ SRC_URI = "\
100	file://CVE-2017-9955_7.patch \	100	file://CVE-2017-9955_7.patch \
101	file://CVE-2017-9955_8.patch \	101	file://CVE-2017-9955_8.patch \
102	file://CVE-2017-9955_9.patch \	102	file://CVE-2017-9955_9.patch \
		103	file://CVE-2017-14729.patch \
103	"	104	"
104	S = "${WORKDIR}/git"	105	S = "${WORKDIR}/git"
105		106


diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14729.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14729.patch new file mode 100644 index 0000000000..09d5143829 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14729.patch
@@ -0,0 +1,45 @@
		1	commit 61e3bf5f83f7e505b6bc51ef65426e5b31e6e360
		2	Author: H.J. Lu <hjl.tools@gmail.com>
		3	Date: Fri Sep 22 14:15:40 2017 -0700
		4
		5	x86: Guard against corrupted PLT
		6
		7	There should be only one entry in PLT for a given symbol. Set howto to
		8	NULL after processing a PLT entry to guard against corrupted PLT so that
		9	the duplicated PLT entries are skipped.
		10
		11	PR binutils/22170
		12
		13	Upstream-Status: Backport
		14
		15	CVE: CVE-2017-14729
		16	Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
		17	Index: git/bfd/elf-ifunc.c
		18	===================================================================
		19	--- git.orig/bfd/elf-ifunc.c 2017-11-08 12:34:22.063320490 +0530
		20	+++ git/bfd/elf-ifunc.c 2017-11-08 12:34:29.995404891 +0530
		21	@@ -473,6 +473,10 @@
		22	memcpy (names, "@plt", sizeof ("@plt"));
		23	names += sizeof ("@plt");
		24	++s, ++n;
		25	+ /* There should be only one entry in PLT for a given
		26	+ symbol. Set howto to NULL after processing a PLT
		27	+ entry to guard against corrupted PLT. */
		28	+ p->howto = NULL;
		29	}
		30
		31	free (plt_sym_val);
		32	Index: git/bfd/ChangeLog
		33	===================================================================
		34	--- git.orig/bfd/ChangeLog 2017-11-08 12:34:29.939404297 +0530
		35	+++ git/bfd/ChangeLog 2017-11-08 12:35:55.660271599 +0530
		36	@@ -1,3 +1,9 @@
		37	+2017-09-22 H.J. Lu <hongjiu.lu@intel.com>
		38	+
		39	+ PR binutils/22170
		40	+ * elf-ifunc.c (elf_get_synthetic_symtab): Guard against
		41	+ corrupted PLT.
		42	+
		43	2017-07-27 Nick Clifton <nickc@redhat.com>
		44
		45	PR 21840