binutils: CVE-2017-12448

Source: git://sourceware.org/git/binutils-gdb.git MR: 73880 Type: Security Fix Disposition: Backport from binutils-2_29-branch ChangeID: 6ef7c8e941d7a1c069b29e4671178c0d02427e3f Description: Fix use-after-free error when parsing a corrupt nested archive. PR 21787 * archive.c (bfd_generic_archive_p): If the bfd does not have the correct magic bytes at the start, set the error to wrong format and clear the format selector before returning NULL. Affects: <= 2.29 (From OE-Core rev: 996e7af41b48107bab5eca0ea26f507541382bd5) Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Thiruvadi Rajaraman <trajaraman@mvista.com> 2017-08-30 17:51:17 +0530
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-01-07 17:10:07 +0000
commit: 7963e14e406ce4bb596d1928e5623a7a0911837e (patch)
tree: d29de4766752d0ca1b432ea303b7dc67a158fdae /meta/recipes-devtools
parent: 7296c9fbd6cbf871f163cf3cb55d5ef2415e588d (diff)
download: poky-7963e14e406ce4bb596d1928e5623a7a0911837e.tar.gz
2 files changed, 50 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc
index 3c29f660cd..772df0af30 100644
--- a/meta/recipes-devtools/binutils/binutils-2.27.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -53,6 +53,7 @@ SRC_URI = "\
     file://CVE-2017-9041_1.patch \
     file://CVE-2017-9041_2.patch \
     file://CVE-2017-7226.patch \
+     file://CVE-2017-12448.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-12448.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-12448.patch
new file mode 100644
index 0000000000..039166cfb9
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-12448.patch
@@ -0,0 +1,49 @@
+commit 909e4e716c4d77e33357bbe9bc902bfaf2e1af24
+Author: Nick Clifton <nickc@redhat.com>
+Date:   Wed Jul 19 14:49:12 2017 +0100
+    Fix use-after-free error when parsing a corrupt nested archive.
+    
+        PR 21787
+        * archive.c (bfd_generic_archive_p): If the bfd does not have the
+        correct magic bytes at the start, set the error to wrong format
+        and clear the format selector before returning NULL.
+Upstream-Status: Backport
+CVE: CVE-2017-12448
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+Index: git/bfd/archive.c
+===================================================================
+--- git.orig/bfd/archive.c      2017-08-30 16:44:10.848601412 +0530
+++ git/bfd/archive.c   2017-08-30 16:44:21.400855758 +0530
+@@ -834,7 +834,12 @@
+   if (strncmp (armag, ARMAG, SARMAG) != 0
+       && strncmp (armag, ARMAGB, SARMAG) != 0
+       && ! bfd_is_thin_archive (abfd))
+-    return NULL;
+    {
+      bfd_set_error (bfd_error_wrong_format);
+      if (abfd->format == bfd_archive)
+       abfd->format = bfd_unknown;
+      return NULL;
+    }
+ 
+   tdata_hold = bfd_ardata (abfd);
+ 
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog      2017-08-30 16:44:21.340854320 +0530
+++ git/bfd/ChangeLog   2017-08-30 16:46:48.716143277 +0530
+@@ -1,3 +1,10 @@
+2017-07-19  Nick Clifton  <nickc@redhat.com>
+
+       PR 21787
+       * archive.c (bfd_generic_archive_p): If the bfd does not have the
+       correct magic bytes at the start, set the error to wrong format
+       and clear the format selector before returning NULL.
+
+ 2017-04-25  Maciej W. Rozycki  <macro@imgtec.com>
+ 
+        * readelf.c (process_mips_specific): Remove error reporting from
author	Thiruvadi Rajaraman <trajaraman@mvista.com>	2017-08-30 17:51:17 +0530
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-01-07 17:10:07 +0000
commit	7963e14e406ce4bb596d1928e5623a7a0911837e (patch)
tree	d29de4766752d0ca1b432ea303b7dc67a158fdae /meta/recipes-devtools
parent	7296c9fbd6cbf871f163cf3cb55d5ef2415e588d (diff)
download	poky-7963e14e406ce4bb596d1928e5623a7a0911837e.tar.gz

diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc index 3c29f660cd..772df0af30 100644 --- a/meta/recipes-devtools/binutils/binutils-2.27.inc +++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -53,6 +53,7 @@ SRC_URI = "\
53	file://CVE-2017-9041_1.patch \	53	file://CVE-2017-9041_1.patch \
54	file://CVE-2017-9041_2.patch \	54	file://CVE-2017-9041_2.patch \
55	file://CVE-2017-7226.patch \	55	file://CVE-2017-7226.patch \
		56	file://CVE-2017-12448.patch \
56	"	57	"
57	S = "${WORKDIR}/git"	58	S = "${WORKDIR}/git"
58		59


diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-12448.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-12448.patch new file mode 100644 index 0000000000..039166cfb9 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-12448.patch
@@ -0,0 +1,49 @@
		1	commit 909e4e716c4d77e33357bbe9bc902bfaf2e1af24
		2	Author: Nick Clifton <nickc@redhat.com>
		3	Date: Wed Jul 19 14:49:12 2017 +0100
		4
		5	Fix use-after-free error when parsing a corrupt nested archive.
		6
		7	PR 21787
		8	* archive.c (bfd_generic_archive_p): If the bfd does not have the
		9	correct magic bytes at the start, set the error to wrong format
		10	and clear the format selector before returning NULL.
		11
		12	Upstream-Status: Backport
		13
		14	CVE: CVE-2017-12448
		15	Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
		16
		17	Index: git/bfd/archive.c
		18	===================================================================
		19	--- git.orig/bfd/archive.c 2017-08-30 16:44:10.848601412 +0530
		20	+++ git/bfd/archive.c 2017-08-30 16:44:21.400855758 +0530
		21	@@ -834,7 +834,12 @@
		22	if (strncmp (armag, ARMAG, SARMAG) != 0
		23	&& strncmp (armag, ARMAGB, SARMAG) != 0
		24	&& ! bfd_is_thin_archive (abfd))
		25	- return NULL;
		26	+ {
		27	+ bfd_set_error (bfd_error_wrong_format);
		28	+ if (abfd->format == bfd_archive)
		29	+ abfd->format = bfd_unknown;
		30	+ return NULL;
		31	+ }
		32
		33	tdata_hold = bfd_ardata (abfd);
		34
		35	Index: git/bfd/ChangeLog
		36	===================================================================
		37	--- git.orig/bfd/ChangeLog 2017-08-30 16:44:21.340854320 +0530
		38	+++ git/bfd/ChangeLog 2017-08-30 16:46:48.716143277 +0530
		39	@@ -1,3 +1,10 @@
		40	+2017-07-19 Nick Clifton <nickc@redhat.com>
		41	+
		42	+ PR 21787
		43	+ * archive.c (bfd_generic_archive_p): If the bfd does not have the
		44	+ correct magic bytes at the start, set the error to wrong format
		45	+ and clear the format selector before returning NULL.
		46	+
		47	2017-04-25 Maciej W. Rozycki <macro@imgtec.com>
		48
		49	* readelf.c (process_mips_specific): Remove error reporting from