summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorThiruvadi Rajaraman <trajaraman@mvista.com>2017-09-04 16:47:25 +0530
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-01-07 17:10:07 +0000
commit951aea1f7bb7a3394429918b4322ea72af568151 (patch)
tree32804c043a4a39b3d1d4ef0d718d08d181243f93 /meta
parentd827c876357e1ff81a81955f145eaf98247b151f (diff)
downloadpoky-951aea1f7bb7a3394429918b4322ea72af568151.tar.gz
binutils: CVE-2017-7304
Source: git://sourceware.org/git/binutils-gdb.git MR: 74192 Type: Security Fix Disposition: Backport from binutils-2_28-branch ChangeID: 9a4c249becded1b479c0b9e9f175aebb80294317 Description: Fix seg-fault in strip when copying a corrupt binary. PR binutils/20931 * elf.c (copy_special_section_fields): Check for an invalid sh_link field before attempting to follow it. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> (From OE-Core rev: fcadfc35ebe90d3f0f3aa0db8caeddb5c07c3120) Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-devtools/binutils/binutils-2.27.inc1
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-7304.patch53
2 files changed, 54 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc
index b60aa8a69d..d1ad198c57 100644
--- a/meta/recipes-devtools/binutils/binutils-2.27.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -66,6 +66,7 @@ SRC_URI = "\
66 file://CVE-2017-7301.patch \ 66 file://CVE-2017-7301.patch \
67 file://CVE-2017-7302.patch \ 67 file://CVE-2017-7302.patch \
68 file://CVE-2017-7303.patch \ 68 file://CVE-2017-7303.patch \
69 file://CVE-2017-7304.patch \
69" 70"
70S = "${WORKDIR}/git" 71S = "${WORKDIR}/git"
71 72
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7304.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7304.patch
new file mode 100644
index 0000000000..817a3f0176
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7304.patch
@@ -0,0 +1,53 @@
1commit 4f3ca05b487e9755018b4c9a053a2e6c35d8a7df
2Author: Nick Clifton <nickc@redhat.com>
3Date: Tue Dec 6 16:53:57 2016 +0000
4
5 Fix seg-fault in strip when copying a corrupt binary.
6
7 PR binutils/20931
8 * elf.c (copy_special_section_fields): Check for an invalid
9 sh_link field before attempting to follow it.
10
11Upstream-Status: Backport
12
13CVE: CVE-2017-7304
14Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
15
16Index: git/bfd/ChangeLog
17===================================================================
18--- git.orig/bfd/ChangeLog 2017-09-04 16:13:03.512095249 +0530
19+++ git/bfd/ChangeLog 2017-09-04 16:16:25.173745111 +0530
20@@ -114,6 +114,12 @@
21 (bfd_elf_final_link): Only initialize the extended symbol index
22 section if there are extended symbol tables to list.
23
24+ 2016-12-06 Nick Clifton <nickc@redhat.com>
25+
26+ PR binutils/20931
27+ * elf.c (copy_special_section_fields): Check for an invalid
28+ sh_link field before attempting to follow it.
29+
30 2016-12-05 Nick Clifton <nickc@redhat.com>
31
32 PR binutils/20905
33Index: git/bfd/elf.c
34===================================================================
35--- git.orig/bfd/elf.c 2017-09-04 16:13:03.512095249 +0530
36+++ git/bfd/elf.c 2017-09-04 16:15:38.257359045 +0530
37@@ -1324,6 +1324,16 @@
38 in the input bfd. */
39 if (iheader->sh_link != SHN_UNDEF)
40 {
41+ /* See PR 20931 for a reproducer. */
42+ if (iheader->sh_link >= elf_numsections (ibfd))
43+ {
44+ (* _bfd_error_handler)
45+ /* xgettext:c-format */
46+ (_("%B: Invalid sh_link field (%d) in section number %d"),
47+ ibfd, iheader->sh_link, secnum);
48+ return FALSE;
49+ }
50+
51 sh_link = find_link (obfd, iheaders[iheader->sh_link], iheader->sh_link);
52 if (sh_link != SHN_UNDEF)
53 {