diff options
author | Armin Kuster <akuster@mvista.com> | 2017-06-21 11:22:35 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-01-07 17:10:07 +0000 |
commit | 4bca7db53e6444c7329e55275b7795387d42a234 (patch) | |
tree | f4f639bc1477f2ea3b0d7f2f0f59f411baaa32a7 /meta/recipes-devtools | |
parent | 4be76c16e36950498a475fc8b99f35c3346bbd3b (diff) | |
download | poky-4bca7db53e6444c7329e55275b7795387d42a234.tar.gz |
binutils: Security fix for CVE-2017-9040 and 2017-9042
Source: binutils-gdb.git
MR: 72756, 72805
Type: Security Fix
Disposition: Backport from https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf
ChangeID: af83ec9e8322e0e051bb684bd2fee5fe8a506fbc
Description:
excluded some changes as the code does not exist in our version. Does not affect fix.
Affects: <= Binutils 2017-04-12
(From OE-Core rev: 2dfdc0ceac466a4b80ece01a970cb5cfdc08d7ab)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Reviewed-by Jeremy Puhlman <jpuhlman@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.27.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-9040_and_9042.patch | 83 |
2 files changed, 84 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc index eefb2e7031..53c09e6d0d 100644 --- a/meta/recipes-devtools/binutils/binutils-2.27.inc +++ b/meta/recipes-devtools/binutils/binutils-2.27.inc | |||
@@ -49,6 +49,7 @@ SRC_URI = "\ | |||
49 | file://CVE-2017-9038.patch \ | 49 | file://CVE-2017-9038.patch \ |
50 | file://CVE-2017-9039.patch \ | 50 | file://CVE-2017-9039.patch \ |
51 | file://CVE-2017-9039_1.patch \ | 51 | file://CVE-2017-9039_1.patch \ |
52 | file://CVE-2017-9040_and_9042.patch \ | ||
52 | " | 53 | " |
53 | S = "${WORKDIR}/git" | 54 | S = "${WORKDIR}/git" |
54 | 55 | ||
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9040_and_9042.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9040_and_9042.patch new file mode 100644 index 0000000000..d5089035e1 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9040_and_9042.patch | |||
@@ -0,0 +1,83 @@ | |||
1 | From 7296a62a2a237f6b1ad8db8c38b090e9f592c8cf Mon Sep 17 00:00:00 2001 | ||
2 | From: Nick Clifton <nickc@redhat.com> | ||
3 | Date: Thu, 13 Apr 2017 16:06:30 +0100 | ||
4 | Subject: [PATCH] readelf: fix out of range subtraction, seg fault from a NULL | ||
5 | pointer and memory exhaustion, all from parsing corrupt binaries. | ||
6 | |||
7 | PR binutils/21379 | ||
8 | * readelf.c (process_dynamic_section): Detect over large section | ||
9 | offsets in the DT_SYMTAB entry. | ||
10 | |||
11 | PR binutils/21345 | ||
12 | * readelf.c (process_mips_specific): Catch an unfeasible memory | ||
13 | allocation before it happens and print a suitable error message. | ||
14 | |||
15 | Upstream-Status: Backport | ||
16 | |||
17 | did not include all the commit as affect code does not exists. it does contain the two | ||
18 | fixes above. | ||
19 | both cve's fixed by same comit. | ||
20 | |||
21 | CVE: CVE-2017-9040 | ||
22 | CVE: CVE-2017-9042 | ||
23 | VER: <= 2.28 | ||
24 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
25 | |||
26 | --- | ||
27 | binutils/ChangeLog | 12 ++++++++++++ | ||
28 | binutils/readelf.c | 26 +++++++++++++++++++++----- | ||
29 | 2 files changed, 33 insertions(+), 5 deletions(-) | ||
30 | |||
31 | Index: git/binutils/readelf.c | ||
32 | =================================================================== | ||
33 | --- git.orig/binutils/readelf.c | ||
34 | +++ git/binutils/readelf.c | ||
35 | @@ -9079,6 +9079,12 @@ process_dynamic_section (FILE * file) | ||
36 | processing that. This is overkill, I know, but it | ||
37 | should work. */ | ||
38 | section.sh_offset = offset_from_vma (file, entry->d_un.d_val, 0); | ||
39 | + if ((bfd_size_type) section.sh_offset > current_file_size) | ||
40 | + { | ||
41 | + /* See PR 21379 for a reproducer. */ | ||
42 | + error (_("Invalid DT_SYMTAB entry: %lx"), (long) section.sh_offset); | ||
43 | + return FALSE; | ||
44 | + } | ||
45 | |||
46 | if (archive_file_offset != 0) | ||
47 | section.sh_size = archive_file_size - section.sh_offset; | ||
48 | @@ -14882,6 +14888,15 @@ process_mips_specific (FILE * file) | ||
49 | return 0; | ||
50 | } | ||
51 | |||
52 | + /* PR 21345 - print a slightly more helpful error message | ||
53 | + if we are sure that the cmalloc will fail. */ | ||
54 | + if (conflictsno * sizeof (* iconf) > current_file_size) | ||
55 | + { | ||
56 | + error (_("Overlarge number of conflicts detected: %lx\n"), | ||
57 | + (long) conflictsno); | ||
58 | + return FALSE; | ||
59 | + } | ||
60 | + | ||
61 | iconf = (Elf32_Conflict *) cmalloc (conflictsno, sizeof (* iconf)); | ||
62 | if (iconf == NULL) | ||
63 | { | ||
64 | Index: git/bfd/ChangeLog | ||
65 | =================================================================== | ||
66 | --- git.orig/bfd/ChangeLog | ||
67 | +++ git/bfd/ChangeLog | ||
68 | @@ -1,3 +1,15 @@ | ||
69 | +2017-04-13 Nick Clifton <nickc@redhat.com> | ||
70 | + | ||
71 | + PR binutils/21379 | ||
72 | + * readelf.c (process_dynamic_section): Detect over large section | ||
73 | + offsets in the DT_SYMTAB entry. | ||
74 | + | ||
75 | +2017-04-13 Nick Clifton <nickc@redhat.com> | ||
76 | + | ||
77 | + PR binutils/21345 | ||
78 | + * readelf.c (process_mips_specific): Catch an unfeasible memory | ||
79 | + allocation before it happens and print a suitable error message. | ||
80 | + | ||
81 | 2017-04-03 Nick Clifton <nickc@redhat.com> | ||
82 | |||
83 | PR binutils/21345 | ||