diff options
author | Armin Kuster <akuster@mvista.com> | 2018-08-07 21:20:03 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-08-15 10:22:45 +0100 |
commit | e1a49c7e83f2be3967fb9aa4a1c6034152b4f8bb (patch) | |
tree | 4051d25ff775d2bac99ceb9efb011d9b0cb05221 /meta | |
parent | e6fdc8959bb4a9c3f5c734ea9381ffc3b817df68 (diff) | |
download | poky-e1a49c7e83f2be3967fb9aa4a1c6034152b4f8bb.tar.gz |
binutls: Security fix for CVE-2017-17125
Affects: <= 2.29.1
(From OE-Core rev: 7e5cf6ef776465101f18daf22f283c87423c7d20)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.29.1.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-17125.patch | 129 |
2 files changed, 130 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.29.1.inc b/meta/recipes-devtools/binutils/binutils-2.29.1.inc index 59718c7d1f..f80b59a9bf 100644 --- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc +++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc | |||
@@ -63,6 +63,7 @@ SRC_URI = "\ | |||
63 | file://CVE-2017-17080.patch \ | 63 | file://CVE-2017-17080.patch \ |
64 | file://CVE-2017-17121.patch \ | 64 | file://CVE-2017-17121.patch \ |
65 | file://CVE-2017-17122.patch \ | 65 | file://CVE-2017-17122.patch \ |
66 | file://CVE-2017-17125.patch \ | ||
66 | " | 67 | " |
67 | S = "${WORKDIR}/git" | 68 | S = "${WORKDIR}/git" |
68 | 69 | ||
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-17125.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-17125.patch new file mode 100644 index 0000000000..30dc6d5727 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-17125.patch | |||
@@ -0,0 +1,129 @@ | |||
1 | From 160b1a618ad94988410dc81fce9189fcda5b7ff4 Mon Sep 17 00:00:00 2001 | ||
2 | From: Alan Modra <amodra@gmail.com> | ||
3 | Date: Sat, 18 Nov 2017 23:18:22 +1030 | ||
4 | Subject: [PATCH] PR22443, Global buffer overflow in | ||
5 | _bfd_elf_get_symbol_version_string | ||
6 | |||
7 | Symbols like *ABS* defined in bfd/section.c:global_syms are not | ||
8 | elf_symbol_type. They can appear on relocs and perhaps other places | ||
9 | in an ELF bfd, so a number of places in nm.c and objdump.c are wrong | ||
10 | to cast an asymbol based on the bfd being ELF. I think we lose | ||
11 | nothing by excluding all section symbols, not just the global_syms. | ||
12 | |||
13 | PR 22443 | ||
14 | * nm.c (sort_symbols_by_size): Don't attempt to access | ||
15 | section symbol internal_elf_sym. | ||
16 | (print_symbol): Likewise. Don't call bfd_get_symbol_version_string | ||
17 | for section symbols. | ||
18 | * objdump.c (compare_symbols): Don't attempt to access | ||
19 | section symbol internal_elf_sym. | ||
20 | (objdump_print_symname): Don't call bfd_get_symbol_version_string | ||
21 | for section symbols. | ||
22 | |||
23 | Upstream-Status: Backport | ||
24 | Affects: <= 2.29.1 | ||
25 | CVE: CVE-2017-17125 | ||
26 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
27 | |||
28 | --- | ||
29 | binutils/ChangeLog | 12 ++++++++++++ | ||
30 | binutils/nm.c | 17 ++++++++++------- | ||
31 | binutils/objdump.c | 6 +++--- | ||
32 | 3 files changed, 25 insertions(+), 10 deletions(-) | ||
33 | |||
34 | Index: git/binutils/nm.c | ||
35 | =================================================================== | ||
36 | --- git.orig/binutils/nm.c | ||
37 | +++ git/binutils/nm.c | ||
38 | @@ -765,7 +765,6 @@ sort_symbols_by_size (bfd *abfd, bfd_boo | ||
39 | asection *sec; | ||
40 | bfd_vma sz; | ||
41 | asymbol *temp; | ||
42 | - int synthetic = (sym->flags & BSF_SYNTHETIC); | ||
43 | |||
44 | if (from + size < fromend) | ||
45 | { | ||
46 | @@ -782,10 +781,13 @@ sort_symbols_by_size (bfd *abfd, bfd_boo | ||
47 | sec = bfd_get_section (sym); | ||
48 | |||
49 | /* Synthetic symbols don't have a full type set of data available, thus | ||
50 | - we can't rely on that information for the symbol size. */ | ||
51 | - if (!synthetic && bfd_get_flavour (abfd) == bfd_target_elf_flavour) | ||
52 | + we can't rely on that information for the symbol size. Ditto for | ||
53 | + bfd/section.c:global_syms like *ABS*. */ | ||
54 | + if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0 | ||
55 | + && bfd_get_flavour (abfd) == bfd_target_elf_flavour) | ||
56 | sz = ((elf_symbol_type *) sym)->internal_elf_sym.st_size; | ||
57 | - else if (!synthetic && bfd_is_com_section (sec)) | ||
58 | + else if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0 | ||
59 | + && bfd_is_com_section (sec)) | ||
60 | sz = sym->value; | ||
61 | else | ||
62 | { | ||
63 | @@ -874,8 +876,9 @@ print_symbol (bfd * abfd, | ||
64 | |||
65 | info.sinfo = &syminfo; | ||
66 | info.ssize = ssize; | ||
67 | - /* Synthetic symbols do not have a full symbol type set of data available. */ | ||
68 | - if ((sym->flags & BSF_SYNTHETIC) != 0) | ||
69 | + /* Synthetic symbols do not have a full symbol type set of data available. | ||
70 | + Nor do bfd/section.c:global_syms like *ABS*. */ | ||
71 | + if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) != 0) | ||
72 | { | ||
73 | info.elfinfo = NULL; | ||
74 | info.coffinfo = NULL; | ||
75 | @@ -893,7 +896,7 @@ print_symbol (bfd * abfd, | ||
76 | const char * version_string = NULL; | ||
77 | bfd_boolean hidden = FALSE; | ||
78 | |||
79 | - if ((sym->flags & BSF_SYNTHETIC) == 0) | ||
80 | + if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0) | ||
81 | version_string = bfd_get_symbol_version_string (abfd, sym, &hidden); | ||
82 | |||
83 | if (bfd_is_und_section (bfd_get_section (sym))) | ||
84 | Index: git/binutils/objdump.c | ||
85 | =================================================================== | ||
86 | --- git.orig/binutils/objdump.c | ||
87 | +++ git/binutils/objdump.c | ||
88 | @@ -799,10 +799,10 @@ compare_symbols (const void *ap, const v | ||
89 | bfd_vma asz, bsz; | ||
90 | |||
91 | asz = 0; | ||
92 | - if ((a->flags & BSF_SYNTHETIC) == 0) | ||
93 | + if ((a->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0) | ||
94 | asz = ((elf_symbol_type *) a)->internal_elf_sym.st_size; | ||
95 | bsz = 0; | ||
96 | - if ((b->flags & BSF_SYNTHETIC) == 0) | ||
97 | + if ((b->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0) | ||
98 | bsz = ((elf_symbol_type *) b)->internal_elf_sym.st_size; | ||
99 | if (asz != bsz) | ||
100 | return asz > bsz ? -1 : 1; | ||
101 | @@ -888,7 +888,7 @@ objdump_print_symname (bfd *abfd, struct | ||
102 | name = alloc; | ||
103 | } | ||
104 | |||
105 | - if ((sym->flags & BSF_SYNTHETIC) == 0) | ||
106 | + if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0) | ||
107 | version_string = bfd_get_symbol_version_string (abfd, sym, &hidden); | ||
108 | |||
109 | if (bfd_is_und_section (bfd_get_section (sym))) | ||
110 | Index: git/binutils/ChangeLog | ||
111 | =================================================================== | ||
112 | --- git.orig/binutils/ChangeLog | ||
113 | +++ git/binutils/ChangeLog | ||
114 | @@ -1,3 +1,15 @@ | ||
115 | +2017-11-18 Alan Modra <amodra@gmail.com> | ||
116 | + | ||
117 | + PR 22443 | ||
118 | + * nm.c (sort_symbols_by_size): Don't attempt to access | ||
119 | + section symbol internal_elf_sym. | ||
120 | + (print_symbol): Likewise. Don't call bfd_get_symbol_version_string | ||
121 | + for section symbols. | ||
122 | + * objdump.c (compare_symbols): Don't attempt to access | ||
123 | + section symbol internal_elf_sym. | ||
124 | + (objdump_print_symname): Don't call bfd_get_symbol_version_string | ||
125 | + for section symbols. | ||
126 | + | ||
127 | 2017-11-29 Nick Clifton <nickc@redhat.com> | ||
128 | |||
129 | PR 22508 | ||