Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/CVE-2017-9039_1.patch')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-9039_1.patch | 56 |
1 files changed, 56 insertions, 0 deletions
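--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9039_1.patch
@@ -0,0 +1,56 @@
+From 82156ab704b08b124d319c0decdbd48b3ca2dac5 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 3 Apr 2017 12:14:06 +0100
+Subject: [PATCH] readelf: Fix overlarge memory allocation when reading a
+binary with an excessive number of program headers.
+
+PR binutils/21345
+* readelf.c (get_program_headers): Check for there being too many
+program headers before attempting to allocate space for them.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9039
+VER: <= 2.28
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+binutils/ChangeLog | 6 ++++++
+binutils/readelf.c | 17 ++++++++++++++---
+2 files changed, 20 insertions(+), 3 deletions(-)
+
+Index: git/binutils/readelf.c
+===================================================================
+--- git.orig/binutils/readelf.c
++++ git/binutils/readelf.c
+@@ -4705,9 +4705,19 @@ get_program_headers (FILE * file)
+if (program_headers != NULL)
+return 1;
+
+- phdrs = (Elf_Internal_Phdr *) cmalloc (elf_header.e_phnum,
+- sizeof (Elf_Internal_Phdr));
++ /* Be kind to memory checkers by looking for
++ e_phnum values which we know must be invalid. */
++ if (elf_header.e_phnum
+* (is_32bit_elf ? sizeof (Elf32_External_Phdr) : sizeof (Elf64_External_Phdr))
++ >= current_file_size)
++ {
++ error (_("Too many program headers - %#x - the file is not that big\n"),
++ elf_header.e_phnum);
++ return FALSE;
++ }
+
++ phdrs = (Elf_Internal_Phdr *) cmalloc (elf_header.e_phnum,
++ sizeof (Elf_Internal_Phdr));
+if (phdrs == NULL)
+{
+error (_("Out of memory reading %u program headers\n"),
+@@ -14993,7 +15003,8 @@ process_mips_specific (FILE * file)
+/* PR 21344 */
+if (data + ent - pltgot > data_end - addr_size)
+{
+- error (_("Invalid got entry - %#lx - overflows GOT table\n"), ent);
++ error (_("Invalid got entry - %#lx - overflows GOT table\n"),
++ (long) ent);
+goto got_print_fail;
+}
+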
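Review bot: In the get_program_headers hunk of the embedded readelf.c patch, the new guard multiplies `elf_header.e_phnum` by a `sizeof` before comparing against `current_file_size`, so the product is computed in `size_t` and could wrap on a host where `size_t` is 32 bits, letting an oversized count pass the check; the declarations sit outside the hunk, so this is inferred rather than shown. A division keeps the comparison wrap-free, at the cost of being marginally stricter at the exact boundary: `if (elf_header.e_phnum >= current_file_size / (is_32bit_elf ? sizeof (Elf32_External_Phdr) : sizeof (Elf64_External_Phdr)))`. The new early exit also returns `FALSE` while the path directly above it returns `1`, which reads as two conventions in one function whose body continues outside the hunk. Since this is a backport, either change belongs upstream first; the embedded diffstat still lists `binutils/ChangeLog`, which has no hunk here, and `Upstream-Status: Backport` would be easier to audit with the upstream commit reference next to it.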