binutis: Security fix CVE-2017-7614

Source: binutils-gbd.git MR: 71732 Type: Security Fix Disposition: Backport from https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b814a36d3440de95f2ac6eaa4fc7935c322ea456 ChangeID: 44d3f2d902013f6e8faf485bf736106a11603e16 Description: minor change to get changelog to apply Affects: binutils < 2.28 (From OE-Core rev: 72dc7aa95afb64bc9ff070e5c2b372d2db6ac5c6) Signed-off-by: Armin Kuster <akuster@mvista.com> Reviewed-by Jeremy Puhlman <jpuhlman@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster@mvista.com> 2017-06-21 08:07:20 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-01-07 17:10:07 +0000
commit: a69088e788f7149d98d1f50ae8de2fbe1bc01411 (patch)
tree: a1341cd7b57b92abdee534047f1e71f6faac2383 /meta/recipes-devtools
parent: bd7388283bfff81073b0c780566999228ba66ef8 (diff)
download: poky-a69088e788f7149d98d1f50ae8de2fbe1bc01411.tar.gz
2 files changed, 106 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc
index 0936d974d4..22f02e9349 100644
--- a/meta/recipes-devtools/binutils/binutils-2.27.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -45,6 +45,7 @@ SRC_URI = "\
     file://CVE-2017-6969_2.patch \
     file://CVE-2017-7209.patch \
     file://CVE-2017-7210.patch \
+     file://CVE-2017-7614.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7614.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7614.patch
new file mode 100644
index 0000000000..0fb32b3e26
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7614.patch
@@ -0,0 +1,105 @@
+From ad32986fdf9da1c8748e47b8b45100398223dba8 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 4 Apr 2017 11:23:36 +0100
+Subject: [PATCH] Fix null pointer dereferences when using a link built with
+ clang.
+        PR binutils/21342
+        * elflink.c (_bfd_elf_define_linkage_sym): Prevent null pointer
+        dereference.
+        (bfd_elf_final_link): Only initialize the extended symbol index
+        section if there are extended symbol tables to list.
+Upstream-Status: Backport
+https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ad32986fdf9da1c8748e47b8b45100398223dba8
+CVE: CVE-2017-7614
+Singed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ bfd/elflink.c | 35 +++++++++++++++++++++--------------
+ 2 files changed, 29 insertions(+), 14 deletions(-)
+Index: git/bfd/elflink.c
+===================================================================
+--- git.orig/bfd/elflink.c
+++ git/bfd/elflink.c
+@@ -118,15 +118,18 @@ _bfd_elf_define_linkage_sym (bfd *abfd,
+         defined in shared libraries can't be overridden, because we
+         lose the link to the bfd which is via the symbol section.  */
+       h->root.type = bfd_link_hash_new;
+      bh = &h->root;
+     }
+  else
+    bh = NULL;
+ 
+-  bh = &h->root;
+   bed = get_elf_backend_data (abfd);
+   if (!_bfd_generic_link_add_one_symbol (info, abfd, name, BSF_GLOBAL,
+                                         sec, 0, NULL, FALSE, bed->collect,
+                                         &bh))
+     return NULL;
+   h = (struct elf_link_hash_entry *) bh;
+  BFD_ASSERT (h != NULL);
+   h->def_regular = 1;
+   h->non_elf = 0;
+   h->root.linker_def = 1;
+@@ -11789,24 +11792,28 @@ bfd_elf_final_link (bfd *abfd, struct bf
+     {
+       /* Finish up and write out the symbol string table (.strtab)
+         section.  */
+-      Elf_Internal_Shdr *symstrtab_hdr;
+      Elf_Internal_Shdr *symstrtab_hdr = NULL;
+       file_ptr off = symtab_hdr->sh_offset + symtab_hdr->sh_size;
+ 
+-      symtab_shndx_hdr = & elf_symtab_shndx_list (abfd)->hdr;
+-      if (symtab_shndx_hdr != NULL && symtab_shndx_hdr->sh_name != 0)
+      if (elf_symtab_shndx_list (abfd))
+        {
+-         symtab_shndx_hdr->sh_type = SHT_SYMTAB_SHNDX;
+-         symtab_shndx_hdr->sh_entsize = sizeof (Elf_External_Sym_Shndx);
+-         symtab_shndx_hdr->sh_addralign = sizeof (Elf_External_Sym_Shndx);
+-         amt = bfd_get_symcount (abfd) * sizeof (Elf_External_Sym_Shndx);
+-         symtab_shndx_hdr->sh_size = amt;
+         symtab_shndx_hdr = & elf_symtab_shndx_list (abfd)->hdr;
+ 
+-         off = _bfd_elf_assign_file_position_for_section (symtab_shndx_hdr,
+-                                                          off, TRUE);
+         if (symtab_shndx_hdr != NULL && symtab_shndx_hdr->sh_name != 0)
+           {
+             symtab_shndx_hdr->sh_type = SHT_SYMTAB_SHNDX;
+             symtab_shndx_hdr->sh_entsize = sizeof (Elf_External_Sym_Shndx);
+             symtab_shndx_hdr->sh_addralign = sizeof (Elf_External_Sym_Shndx);
+             amt = bfd_get_symcount (abfd) * sizeof (Elf_External_Sym_Shndx);
+             symtab_shndx_hdr->sh_size = amt;
+ 
+-         if (bfd_seek (abfd, symtab_shndx_hdr->sh_offset, SEEK_SET) != 0
+-             || (bfd_bwrite (flinfo.symshndxbuf, amt, abfd) != amt))
+-           return FALSE;
+             off = _bfd_elf_assign_file_position_for_section (symtab_shndx_hdr,
+                                                              off, TRUE);
+
+             if (bfd_seek (abfd, symtab_shndx_hdr->sh_offset, SEEK_SET) != 0
+                 || (bfd_bwrite (flinfo.symshndxbuf, amt, abfd) != amt))
+               return FALSE;
+           }
+        }
+ 
+       symstrtab_hdr = &elf_tdata (abfd)->strtab_hdr;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
+++ git/bfd/ChangeLog
+@@ -1,3 +1,11 @@
+2017-04-04  Nick Clifton  <nickc@redhat.com>
+
+       PR binutils/21342
+       * elflink.c (_bfd_elf_define_linkage_sym): Prevent null pointer
+       dereference.
+       (bfd_elf_final_link): Only initialize the extended symbol index
+       section if there are extended symbol tables to list.
+
+ 2016-08-02  Nick Clifton  <nickc@redhat.com>
+ 
+        PR ld/17739
author	Armin Kuster <akuster@mvista.com>	2017-06-21 08:07:20 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-01-07 17:10:07 +0000
commit	a69088e788f7149d98d1f50ae8de2fbe1bc01411 (patch)
tree	a1341cd7b57b92abdee534047f1e71f6faac2383 /meta/recipes-devtools
parent	bd7388283bfff81073b0c780566999228ba66ef8 (diff)
download	poky-a69088e788f7149d98d1f50ae8de2fbe1bc01411.tar.gz

diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc index 0936d974d4..22f02e9349 100644 --- a/meta/recipes-devtools/binutils/binutils-2.27.inc +++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -45,6 +45,7 @@ SRC_URI = "\
45	file://CVE-2017-6969_2.patch \	45	file://CVE-2017-6969_2.patch \
46	file://CVE-2017-7209.patch \	46	file://CVE-2017-7209.patch \
47	file://CVE-2017-7210.patch \	47	file://CVE-2017-7210.patch \
		48	file://CVE-2017-7614.patch \
48	"	49	"
49	S = "${WORKDIR}/git"	50	S = "${WORKDIR}/git"
50		51


diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7614.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7614.patch new file mode 100644 index 0000000000..0fb32b3e26 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7614.patch
@@ -0,0 +1,105 @@
		1	From ad32986fdf9da1c8748e47b8b45100398223dba8 Mon Sep 17 00:00:00 2001
		2	From: Nick Clifton <nickc@redhat.com>
		3	Date: Tue, 4 Apr 2017 11:23:36 +0100
		4	Subject: [PATCH] Fix null pointer dereferences when using a link built with
		5	clang.
		6
		7	PR binutils/21342
		8	* elflink.c (_bfd_elf_define_linkage_sym): Prevent null pointer
		9	dereference.
		10	(bfd_elf_final_link): Only initialize the extended symbol index
		11	section if there are extended symbol tables to list.
		12
		13	Upstream-Status: Backport
		14	https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ad32986fdf9da1c8748e47b8b45100398223dba8
		15
		16	CVE: CVE-2017-7614
		17
		18	Singed-off-by: Armin Kuster <akuster@mvista.com>
		19
		20	---
		21	bfd/elflink.c \| 35 +++++++++++++++++++++--------------
		22	2 files changed, 29 insertions(+), 14 deletions(-)
		23
		24	Index: git/bfd/elflink.c
		25	===================================================================
		26	--- git.orig/bfd/elflink.c
		27	+++ git/bfd/elflink.c
		28	@@ -118,15 +118,18 @@ _bfd_elf_define_linkage_sym (bfd *abfd,
		29	defined in shared libraries can't be overridden, because we
		30	lose the link to the bfd which is via the symbol section. */
		31	h->root.type = bfd_link_hash_new;
		32	+ bh = &h->root;
		33	}
		34	+ else
		35	+ bh = NULL;
		36
		37	- bh = &h->root;
		38	bed = get_elf_backend_data (abfd);
		39	if (!_bfd_generic_link_add_one_symbol (info, abfd, name, BSF_GLOBAL,
		40	sec, 0, NULL, FALSE, bed->collect,
		41	&bh))
		42	return NULL;
		43	h = (struct elf_link_hash_entry *) bh;
		44	+ BFD_ASSERT (h != NULL);
		45	h->def_regular = 1;
		46	h->non_elf = 0;
		47	h->root.linker_def = 1;
		48	@@ -11789,24 +11792,28 @@ bfd_elf_final_link (bfd *abfd, struct bf
		49	{
		50	/* Finish up and write out the symbol string table (.strtab)
		51	section. */
		52	- Elf_Internal_Shdr *symstrtab_hdr;
		53	+ Elf_Internal_Shdr *symstrtab_hdr = NULL;
		54	file_ptr off = symtab_hdr->sh_offset + symtab_hdr->sh_size;
		55
		56	- symtab_shndx_hdr = & elf_symtab_shndx_list (abfd)->hdr;
		57	- if (symtab_shndx_hdr != NULL && symtab_shndx_hdr->sh_name != 0)
		58	+ if (elf_symtab_shndx_list (abfd))
		59	{
		60	- symtab_shndx_hdr->sh_type = SHT_SYMTAB_SHNDX;
		61	- symtab_shndx_hdr->sh_entsize = sizeof (Elf_External_Sym_Shndx);
		62	- symtab_shndx_hdr->sh_addralign = sizeof (Elf_External_Sym_Shndx);
		63	- amt = bfd_get_symcount (abfd) * sizeof (Elf_External_Sym_Shndx);
		64	- symtab_shndx_hdr->sh_size = amt;
		65	+ symtab_shndx_hdr = & elf_symtab_shndx_list (abfd)->hdr;
		66
		67	- off = _bfd_elf_assign_file_position_for_section (symtab_shndx_hdr,
		68	- off, TRUE);
		69	+ if (symtab_shndx_hdr != NULL && symtab_shndx_hdr->sh_name != 0)
		70	+ {
		71	+ symtab_shndx_hdr->sh_type = SHT_SYMTAB_SHNDX;
		72	+ symtab_shndx_hdr->sh_entsize = sizeof (Elf_External_Sym_Shndx);
		73	+ symtab_shndx_hdr->sh_addralign = sizeof (Elf_External_Sym_Shndx);
		74	+ amt = bfd_get_symcount (abfd) * sizeof (Elf_External_Sym_Shndx);
		75	+ symtab_shndx_hdr->sh_size = amt;
		76
		77	- if (bfd_seek (abfd, symtab_shndx_hdr->sh_offset, SEEK_SET) != 0
		78	- \|\| (bfd_bwrite (flinfo.symshndxbuf, amt, abfd) != amt))
		79	- return FALSE;
		80	+ off = _bfd_elf_assign_file_position_for_section (symtab_shndx_hdr,
		81	+ off, TRUE);
		82	+
		83	+ if (bfd_seek (abfd, symtab_shndx_hdr->sh_offset, SEEK_SET) != 0
		84	+ \|\| (bfd_bwrite (flinfo.symshndxbuf, amt, abfd) != amt))
		85	+ return FALSE;
		86	+ }
		87	}
		88
		89	symstrtab_hdr = &elf_tdata (abfd)->strtab_hdr;
		90	Index: git/bfd/ChangeLog
		91	===================================================================
		92	--- git.orig/bfd/ChangeLog
		93	+++ git/bfd/ChangeLog
		94	@@ -1,3 +1,11 @@
		95	+2017-04-04 Nick Clifton <nickc@redhat.com>
		96	+
		97	+ PR binutils/21342
		98	+ * elflink.c (_bfd_elf_define_linkage_sym): Prevent null pointer
		99	+ dereference.
		100	+ (bfd_elf_final_link): Only initialize the extended symbol index
		101	+ section if there are extended symbol tables to list.
		102	+
		103	2016-08-02 Nick Clifton <nickc@redhat.com>
		104
		105	PR ld/17739