summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorRoss Burton <ross.burton@arm.com>2023-06-05 17:24:13 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2023-06-06 07:41:42 +0100
commit5131819228bb9968a64b52afb6461681d1090b5c (patch)
treeb1d94b78885b16ef7072cab63158b6c86fb0202d /meta
parent83d458d9583c80c810526570220abb1f071df0b4 (diff)
downloadpoky-5131819228bb9968a64b52afb6461681d1090b5c.tar.gz
binutils: fix CVE-2023-1972
Backport a patch from upstream to fix CVE-2023-1972. (From OE-Core rev: 10d63933e3a30bfac2f6cec896460c22e04baadd) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-devtools/binutils/binutils-2.40.inc1
-rw-r--r--meta/recipes-devtools/binutils/binutils/0001-Fix-an-illegal-memory-access-when-an-accessing-a-zer.patch43
2 files changed, 44 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.40.inc b/meta/recipes-devtools/binutils/binutils-2.40.inc
index 84dbf5f730..dea68ee6fc 100644
--- a/meta/recipes-devtools/binutils/binutils-2.40.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.40.inc
@@ -35,5 +35,6 @@ SRC_URI = "\
35 file://0015-Remove-duplicate-pe-dll.o-entry-deom-targ_extra_ofil.patch \ 35 file://0015-Remove-duplicate-pe-dll.o-entry-deom-targ_extra_ofil.patch \
36 file://0016-CVE-2023-25586.patch \ 36 file://0016-CVE-2023-25586.patch \
37 file://fix-time64.patch \ 37 file://fix-time64.patch \
38 file://0001-Fix-an-illegal-memory-access-when-an-accessing-a-zer.patch \
38" 39"
39S = "${WORKDIR}/git" 40S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0001-Fix-an-illegal-memory-access-when-an-accessing-a-zer.patch b/meta/recipes-devtools/binutils/binutils/0001-Fix-an-illegal-memory-access-when-an-accessing-a-zer.patch
new file mode 100644
index 0000000000..31157cacd2
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0001-Fix-an-illegal-memory-access-when-an-accessing-a-zer.patch
@@ -0,0 +1,43 @@
1From c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57 Mon Sep 17 00:00:00 2001
2From: Nick Clifton <nickc@redhat.com>
3Date: Thu, 30 Mar 2023 10:10:09 +0100
4Subject: [PATCH] Fix an illegal memory access when an accessing a
5 zer0-lengthverdef table.
6
7 PR 30285
8 * elf.c (_bfd_elf_slurp_version_tables): Fail if no version definitions are allocated.
9
10CVE: CVE-2023-1972
11Upstream-Status: Backport
12Signed-off-by: Ross Burton <ross.burton@arm.com>
13---
14 bfd/ChangeLog | 6 ++++++
15 bfd/elf.c | 5 +++++
16 2 files changed, 11 insertions(+)
17
18diff --git a/bfd/elf.c b/bfd/elf.c
19index 027d0143735..185028cbd97 100644
20--- a/bfd/elf.c
21+++ b/bfd/elf.c
22@@ -9030,6 +9030,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver)
23 bfd_set_error (bfd_error_file_too_big);
24 goto error_return_verdef;
25 }
26+
27+ if (amt == 0)
28+ goto error_return_verdef;
29 elf_tdata (abfd)->verdef = (Elf_Internal_Verdef *) bfd_zalloc (abfd, amt);
30 if (elf_tdata (abfd)->verdef == NULL)
31 goto error_return_verdef;
32@@ -9133,6 +9136,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver)
33 bfd_set_error (bfd_error_file_too_big);
34 goto error_return;
35 }
36+ if (amt == 0)
37+ goto error_return;
38 elf_tdata (abfd)->verdef = (Elf_Internal_Verdef *) bfd_zalloc (abfd, amt);
39 if (elf_tdata (abfd)->verdef == NULL)
40 goto error_return;
41--
422.34.1
43