diff options
author | Thiruvadi Rajaraman <trajaraman@mvista.com> | 2017-09-04 16:34:32 +0530 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-01-07 17:10:07 +0000 |
commit | 10e74c42ad77a5178fc42da5960cd61ecdb97150 (patch) | |
tree | 4d2107687d355d78dc00e658f018a430faa67289 /meta | |
parent | a880a7f8d762cdd488ab8336cd4574cb9172bb52 (diff) | |
download | poky-10e74c42ad77a5178fc42da5960cd61ecdb97150.tar.gz |
binutils: CVE-2017-7301
Source: git://sourceware.org/git/binutils-gdb.git
MR: 74231
Type: Security Fix
Disposition: Backport from binutils-2_28-branch
ChangeID: 1fbae9f71e3ad90f930f8b25d550de964e05c259
Description:
Fix seg-fault in linker parsing a corrupt input file.
PR ld/20924
(aout_link_add_symbols): Fix off by one error checking for
overflow of string offset.
Affects: <= 2.28
Author: Nick Clifton <nickc@redhat.com>
(From OE-Core rev: 315608a626f9e21d198d1600ded69114ac1e16d1)
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.27.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-7301.patch | 52 |
2 files changed, 53 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc index 54cdcc7bb5..59e46b8bf4 100644 --- a/meta/recipes-devtools/binutils/binutils-2.27.inc +++ b/meta/recipes-devtools/binutils/binutils-2.27.inc | |||
@@ -63,6 +63,7 @@ SRC_URI = "\ | |||
63 | file://CVE-2017-7224.patch \ | 63 | file://CVE-2017-7224.patch \ |
64 | file://CVE-2017-7225.patch \ | 64 | file://CVE-2017-7225.patch \ |
65 | file://CVE-2017-7227.patch \ | 65 | file://CVE-2017-7227.patch \ |
66 | file://CVE-2017-7301.patch \ | ||
66 | " | 67 | " |
67 | S = "${WORKDIR}/git" | 68 | S = "${WORKDIR}/git" |
68 | 69 | ||
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7301.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7301.patch new file mode 100644 index 0000000000..36b4259fde --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7301.patch | |||
@@ -0,0 +1,52 @@ | |||
1 | commit daae68f4f372e0618d6b9c64ec0f1f74eae6ab3d | ||
2 | Author: Nick Clifton <nickc@redhat.com> | ||
3 | Date: Mon Dec 5 12:25:34 2016 +0000 | ||
4 | |||
5 | Fix seg-fault in linker parsing a corrupt input file. | ||
6 | |||
7 | PR ld/20924 | ||
8 | (aout_link_add_symbols): Fix off by one error checking for | ||
9 | overflow of string offset. | ||
10 | |||
11 | Upstream-Status: Backport | ||
12 | |||
13 | CVE: CVE-2017-7301 | ||
14 | Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> | ||
15 | |||
16 | Index: git/bfd/ChangeLog | ||
17 | =================================================================== | ||
18 | --- git.orig/bfd/ChangeLog 2017-09-04 15:42:15.244812577 +0530 | ||
19 | +++ git/bfd/ChangeLog 2017-09-04 15:51:36.573466525 +0530 | ||
20 | @@ -120,6 +120,10 @@ | ||
21 | * peicode.h (pe_ILF_object_p): Use strnlen to avoid running over | ||
22 | the end of the string buffer. | ||
23 | |||
24 | + PR ld/20924 | ||
25 | + (aout_link_add_symbols): Fix off by one error checking for | ||
26 | + overflow of string offset. | ||
27 | + | ||
28 | 2016-12-01 Nick Clifton <nickc@redhat.com> | ||
29 | |||
30 | PR binutils/20891 | ||
31 | Index: git/bfd/aoutx.h | ||
32 | =================================================================== | ||
33 | --- git.orig/bfd/aoutx.h 2017-09-04 15:42:15.244812577 +0530 | ||
34 | +++ git/bfd/aoutx.h 2017-09-04 15:49:36.500479341 +0530 | ||
35 | @@ -3091,7 +3091,7 @@ | ||
36 | BFD_ASSERT (p + 1 < pend); | ||
37 | ++p; | ||
38 | /* PR 19629: Corrupt binaries can contain illegal string offsets. */ | ||
39 | - if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd)) | ||
40 | + if (GET_WORD (abfd, p->e_strx) >= obj_aout_external_string_size (abfd)) | ||
41 | return FALSE; | ||
42 | string = strings + GET_WORD (abfd, p->e_strx); | ||
43 | section = bfd_ind_section_ptr; | ||
44 | @@ -3127,7 +3127,7 @@ | ||
45 | ++p; | ||
46 | string = name; | ||
47 | /* PR 19629: Corrupt binaries can contain illegal string offsets. */ | ||
48 | - if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd)) | ||
49 | + if (GET_WORD (abfd, p->e_strx) >= obj_aout_external_string_size (abfd)) | ||
50 | return FALSE; | ||
51 | name = strings + GET_WORD (abfd, p->e_strx); | ||
52 | section = bfd_und_section_ptr; | ||