binutils : CVE-2022-38533

Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797] (From OE-Core rev: 2cf26e2e5a83d2b2efd01de34c11da07eeb9c8f9) Signed-off-by: Florin Diaconescu <florin.diaconescu009@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Florin Diaconescu <florin.diaconescu009@gmail.com> 2022-09-13 15:45:43 +0300
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-09-16 17:53:28 +0100
commit: aa19c8c35e5130b765fff4316c73c5710c98d9cd (patch)
tree: c94e6390a2c2dbacb9ebf548116392771eb018b5 /meta
parent: a69227932f31ff2b406404c4980a65e893d4bea3 (diff)
download: poky-aa19c8c35e5130b765fff4316c73c5710c98d9cd.tar.gz
2 files changed, 38 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.34.inc b/meta/recipes-devtools/binutils/binutils-2.34.inc
index 6a55de2d45..ff0d467132 100644
--- a/meta/recipes-devtools/binutils/binutils-2.34.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.34.inc
@@ -52,5 +52,6 @@ SRC_URI = "\
     file://CVE-2021-3549.patch \
     file://CVE-2020-16593.patch \
     file://0001-CVE-2021-45078.patch \
+     file://CVE-2022-38533.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2022-38533.patch b/meta/recipes-devtools/binutils/binutils/CVE-2022-38533.patch
new file mode 100644
index 0000000000..102d65f8a6
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-38533.patch
@@ -0,0 +1,37 @@
+From ef186fe54aa6d281a3ff8a9528417e5cc614c797 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sat, 13 Aug 2022 15:32:47 +0930
+Subject: [PATCH] PR29482 - strip: heap-buffer-overflow
+        PR 29482
+        * coffcode.h (coff_set_section_contents): Sanity check _LIB.
+CVE: CVE-2022-38533
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797]
+Signed-off-by: Florin Diaconescu <florin.diaconescu009@gmail.com>
+---
+ bfd/coffcode.h | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+diff --git a/bfd/coffcode.h b/bfd/coffcode.h
+index dec2e9c6370..75c18d88602 100644
+--- a/bfd/coffcode.h
+++ b/bfd/coffcode.h
+@@ -4170,10 +4170,13 @@ coff_set_section_contents (bfd * abfd,
+ 
+        rec = (bfd_byte *) location;
+        recend = rec + count;
+-       while (rec < recend)
+       while (recend - rec >= 4)
+          {
+           size_t len = bfd_get_32 (abfd, rec);
+           if (len == 0 || len > (size_t) (recend - rec) / 4)
+             break;
+           rec += len * 4;
+            ++section->lma;
+-           rec += bfd_get_32 (abfd, rec) * 4;
+          }
+ 
+        BFD_ASSERT (rec == recend);
author	Florin Diaconescu <florin.diaconescu009@gmail.com>	2022-09-13 15:45:43 +0300
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-16 17:53:28 +0100
commit	aa19c8c35e5130b765fff4316c73c5710c98d9cd (patch)
tree	c94e6390a2c2dbacb9ebf548116392771eb018b5 /meta
parent	a69227932f31ff2b406404c4980a65e893d4bea3 (diff)
download	poky-aa19c8c35e5130b765fff4316c73c5710c98d9cd.tar.gz

diff --git a/meta/recipes-devtools/binutils/binutils-2.34.inc b/meta/recipes-devtools/binutils/binutils-2.34.inc index 6a55de2d45..ff0d467132 100644 --- a/meta/recipes-devtools/binutils/binutils-2.34.inc +++ b/meta/recipes-devtools/binutils/binutils-2.34.inc
@@ -52,5 +52,6 @@ SRC_URI = "\
52	file://CVE-2021-3549.patch \	52	file://CVE-2021-3549.patch \
53	file://CVE-2020-16593.patch \	53	file://CVE-2020-16593.patch \
54	file://0001-CVE-2021-45078.patch \	54	file://0001-CVE-2021-45078.patch \
		55	file://CVE-2022-38533.patch \
55	"	56	"
56	S = "${WORKDIR}/git"	57	S = "${WORKDIR}/git"


diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2022-38533.patch b/meta/recipes-devtools/binutils/binutils/CVE-2022-38533.patch new file mode 100644 index 0000000000..102d65f8a6 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-38533.patch
@@ -0,0 +1,37 @@
		1	From ef186fe54aa6d281a3ff8a9528417e5cc614c797 Mon Sep 17 00:00:00 2001
		2	From: Alan Modra <amodra@gmail.com>
		3	Date: Sat, 13 Aug 2022 15:32:47 +0930
		4	Subject: [PATCH] PR29482 - strip: heap-buffer-overflow
		5
		6	PR 29482
		7	* coffcode.h (coff_set_section_contents): Sanity check _LIB.
		8
		9	CVE: CVE-2022-38533
		10	Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797]
		11
		12	Signed-off-by: Florin Diaconescu <florin.diaconescu009@gmail.com>
		13
		14	---
		15	bfd/coffcode.h \| 7 +++++--
		16	1 file changed, 5 insertions(+), 2 deletions(-)
		17
		18	diff --git a/bfd/coffcode.h b/bfd/coffcode.h
		19	index dec2e9c6370..75c18d88602 100644
		20	--- a/bfd/coffcode.h
		21	+++ b/bfd/coffcode.h
		22	@@ -4170,10 +4170,13 @@ coff_set_section_contents (bfd * abfd,
		23
		24	rec = (bfd_byte *) location;
		25	recend = rec + count;
		26	- while (rec < recend)
		27	+ while (recend - rec >= 4)
		28	{
		29	+ size_t len = bfd_get_32 (abfd, rec);
		30	+ if (len == 0 \|\| len > (size_t) (recend - rec) / 4)
		31	+ break;
		32	+ rec += len * 4;
		33	++section->lma;
		34	- rec += bfd_get_32 (abfd, rec) * 4;
		35	}
		36
		37	BFD_ASSERT (rec == recend);