summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta/recipes-devtools/binutils/binutils-2.29.1.inc1
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-15021.patch48
2 files changed, 49 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.29.1.inc b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
index bd25a525be..cdfbd26c46 100644
--- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
@@ -44,6 +44,7 @@ SRC_URI = "\
44 file://CVE-2017-14938.patch \ 44 file://CVE-2017-14938.patch \
45 file://CVE-2017-14939.patch \ 45 file://CVE-2017-14939.patch \
46 file://CVE-2017-14940.patch \ 46 file://CVE-2017-14940.patch \
47 file://CVE-2017-15021.patch \
47" 48"
48S = "${WORKDIR}/git" 49S = "${WORKDIR}/git"
49 50
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15021.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15021.patch
new file mode 100644
index 0000000000..caca7b107e
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15021.patch
@@ -0,0 +1,48 @@
1From 52b36c51e5bf6d7600fdc6ba115b170b0e78e31d Mon Sep 17 00:00:00 2001
2From: Alan Modra <amodra@gmail.com>
3Date: Sun, 24 Sep 2017 21:36:18 +0930
4Subject: [PATCH] PR22197, buffer overflow in bfd_get_debug_link_info_1
5
6 PR 22197
7 * opncls.c (bfd_get_debug_link_info_1): Properly check that crc is
8 within section bounds.
9
10Upstream-Status: Backport
11Affects: <= 2.29.1
12CVE: CVE-2017-15021
13Signed-off-by: Armin Kuster <akuster@mvista.com>
14
15---
16 bfd/ChangeLog | 6 ++++++
17 bfd/opncls.c | 2 +-
18 2 files changed, 7 insertions(+), 1 deletion(-)
19
20Index: git/bfd/opncls.c
21===================================================================
22--- git.orig/bfd/opncls.c
23+++ git/bfd/opncls.c
24@@ -1200,7 +1200,7 @@ bfd_get_debug_link_info_1 (bfd *abfd, vo
25 /* PR 17597: avoid reading off the end of the buffer. */
26 crc_offset = strnlen (name, bfd_get_section_size (sect)) + 1;
27 crc_offset = (crc_offset + 3) & ~3;
28- if (crc_offset >= bfd_get_section_size (sect))
29+ if (crc_offset + 4 > bfd_get_section_size (sect))
30 return NULL;
31
32 *crc32 = bfd_get_32 (abfd, contents + crc_offset);
33Index: git/bfd/ChangeLog
34===================================================================
35--- git.orig/bfd/ChangeLog
36+++ git/bfd/ChangeLog
37@@ -1,5 +1,11 @@
38 2017-09-24 Alan Modra <amodra@gmail.com>
39
40+ PR 22197
41+ * opncls.c (bfd_get_debug_link_info_1): Properly check that crc is
42+ within section bounds.
43+
44+2017-09-24 Alan Modra <amodra@gmail.com>
45+
46 PR 22167
47 * dwarf2.c (scan_unit_for_symbols): Check u.blk->data is non-NULL.
48