diff options
author | Anuj Mittal <anuj.mittal@intel.com> | 2019-08-19 21:43:11 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-08-21 21:52:59 +0100 |
commit | 7ef44dbd3b99a2150b552cbe8941dd592197eb43 (patch) | |
tree | de74e25485d458c8fe2355b7eff8cd6289abe4ac /meta/recipes-devtools | |
parent | eaa58d850adde0460697ab44653a5a99cb58ccc2 (diff) | |
download | poky-7ef44dbd3b99a2150b552cbe8941dd592197eb43.tar.gz |
binutils: fix CVE-2019-14250 CVE-2019-14444
(From OE-Core rev: abdc51527988afdcfd2db6dc08ebb6083a341be9)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools')
3 files changed, 63 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.32.inc b/meta/recipes-devtools/binutils/binutils-2.32.inc index 31c24a37f5..d3c52936d1 100644 --- a/meta/recipes-devtools/binutils/binutils-2.32.inc +++ b/meta/recipes-devtools/binutils/binutils-2.32.inc | |||
@@ -50,6 +50,8 @@ SRC_URI = "\ | |||
50 | file://CVE-2019-9077.patch \ | 50 | file://CVE-2019-9077.patch \ |
51 | file://CVE-2019-9071.patch \ | 51 | file://CVE-2019-9071.patch \ |
52 | file://CVE-2019-12972.patch \ | 52 | file://CVE-2019-12972.patch \ |
53 | file://CVE-2019-14250.patch \ | ||
54 | file://CVE-2019-14444.patch \ | ||
53 | " | 55 | " |
54 | S = "${WORKDIR}/git" | 56 | S = "${WORKDIR}/git" |
55 | 57 | ||
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-14250.patch b/meta/recipes-devtools/binutils/binutils/CVE-2019-14250.patch new file mode 100644 index 0000000000..c915a832b0 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-14250.patch | |||
@@ -0,0 +1,33 @@ | |||
1 | From df78be05daf4eb07f60f50ec1080cb979af32ec0 Mon Sep 17 00:00:00 2001 | ||
2 | From: marxin <marxin@138bc75d-0d04-0410-961f-82ee72b054a4> | ||
3 | Date: Tue, 23 Jul 2019 07:33:32 +0000 | ||
4 | Subject: [PATCH] libiberty: Check zero value shstrndx in simple-object-elf.c | ||
5 | |||
6 | git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@273718 138bc75d-0d04-0410-961f-82ee72b054a4 | ||
7 | |||
8 | CVE: CVE-2019-14250 | ||
9 | Upstream-Status: Backport [from gcc: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=273718] | ||
10 | [Removed Changelog entry] | ||
11 | Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> | ||
12 | --- | ||
13 | diff --git a/libiberty/simple-object-elf.c b/libiberty/simple-object-elf.c | ||
14 | index 502388991a08..bdee963634d6 100644 | ||
15 | --- a/libiberty/simple-object-elf.c | ||
16 | +++ b/libiberty/simple-object-elf.c | ||
17 | @@ -548,7 +548,15 @@ simple_object_elf_match (unsigned char header[SIMPLE_OBJECT_MATCH_HEADER_LEN], | ||
18 | XDELETE (eor); | ||
19 | return NULL; | ||
20 | } | ||
21 | - | ||
22 | + | ||
23 | + if (eor->shstrndx == 0) | ||
24 | + { | ||
25 | + *errmsg = "invalid ELF shstrndx == 0"; | ||
26 | + *err = 0; | ||
27 | + XDELETE (eor); | ||
28 | + return NULL; | ||
29 | + } | ||
30 | + | ||
31 | return (void *) eor; | ||
32 | } | ||
33 | |||
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-14444.patch b/meta/recipes-devtools/binutils/binutils/CVE-2019-14444.patch new file mode 100644 index 0000000000..85b9a9f916 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-14444.patch | |||
@@ -0,0 +1,28 @@ | |||
1 | From e17869db99195849826eaaf5d2d0eb2cfdd7a2a7 Mon Sep 17 00:00:00 2001 | ||
2 | From: Nick Clifton <nickc@redhat.com> | ||
3 | Date: Mon, 5 Aug 2019 10:40:35 +0100 | ||
4 | Subject: [PATCH] Catch potential integer overflow in readelf when processing | ||
5 | corrupt binaries. | ||
6 | |||
7 | PR 24829 | ||
8 | * readelf.c (apply_relocations): Catch potential integer overflow | ||
9 | whilst checking reloc location against section size. | ||
10 | |||
11 | CVE: CVE-2019-14444 | ||
12 | Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e17869db99195849826eaaf5d2d0eb2cfdd7a2a7] | ||
13 | [Removed Changelog entry] | ||
14 | Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> | ||
15 | --- | ||
16 | diff --git a/binutils/readelf.c b/binutils/readelf.c | ||
17 | index b896ad9f406..e785fde43e7 100644 | ||
18 | --- a/binutils/readelf.c | ||
19 | +++ b/binutils/readelf.c | ||
20 | @@ -13366,7 +13366,7 @@ apply_relocations (Filedata * filedata, | ||
21 | } | ||
22 | |||
23 | rloc = start + rp->r_offset; | ||
24 | - if ((rloc + reloc_size) > end || (rloc < start)) | ||
25 | + if (rloc >= end || (rloc + reloc_size) > end || (rloc < start)) | ||
26 | { | ||
27 | warn (_("skipping invalid relocation offset 0x%lx in section %s\n"), | ||
28 | (unsigned long) rp->r_offset, | ||