Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/CVE-2017-9041_2.patch')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-9041_2.patch | 84 |
1 files changed, 84 insertions, 0 deletions
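--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9041_2.patch
@@ -0,0 +1,84 @@
+From c4ab9505b53cdc899506ed421fddb7e1f8faf7a3 Mon Sep 17 00:00:00 2001
+From: "Maciej W. Rozycki" <macro@imgtec.com>
+Date: Wed, 12 Apr 2017 00:03:41 +0100
+Subject: [PATCH] MIPS/readelf: Simplify GOT[1] data availability check
+
+Unavailable data is handled gracefully in MIPS GOT processing done by
+`print_mips_got_entry', so all that is needed in special GOT[1] handling
+is to verify whether data can be retrieved for the purpose of the GNU
+marker check done with `byte_get'. Remove the extra error reporting
+code then, introduced with commit 75ec1fdbb797 ("Fix runtime seg-fault
+in readelf when parsing a corrupt MIPS binary.") in the course of
+addressing PR binutils/21344, and defer the error case to regular local
+GOT entry processing.
+
+binutils/
+* readelf.c (process_mips_specific): Remove error reporting from
+GOT[1] processing.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9041
+VER: <= 2.28
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+binutils/ChangeLog | 5 +++++
+binutils/readelf.c | 32 ++++++++++++++------------------
+2 files changed, 19 insertions(+), 18 deletions(-)
+
+Index: git/binutils/readelf.c
+===================================================================
+--- git.orig/binutils/readelf.c
++++ git/binutils/readelf.c
+@@ -15013,24 +15013,20 @@ process_mips_specific (FILE * file)
+if (ent == (bfd_vma) -1)
+goto got_print_fail;
+
+- if (data)
++ /* Check for the MSB of GOT[1] being set, denoting a GNU object.
++ This entry will be used by some runtime loaders, to store the
++ module pointer. Otherwise this is an ordinary local entry.
++ PR 21344: Check for the entry being fully available before
++ fetching it. */
++ if (data
++ && data + ent - pltgot + addr_size <= data_end
++ && (byte_get (data + ent - pltgot, addr_size)
++ >> (addr_size * 8 - 1)) != 0)
+{
+- /* PR 21344 */
+- if (data + ent - pltgot > data_end - addr_size)
+- {
+- error (_("Invalid got entry - %#lx - overflows GOT table\n"),
+- (long) ent);
+- goto got_print_fail;
+- }
+-
+- if (byte_get (data + ent - pltgot, addr_size)
+- >> (addr_size * 8 - 1) != 0)
+- {
+- ent = print_mips_got_entry (data, pltgot, ent, data_end);
+- printf (_(" Module pointer (GNU extension)\n"));
+- if (ent == (bfd_vma) -1)
+- goto got_print_fail;
+- }
++ ent = print_mips_got_entry (data, pltgot, ent, data_end);
++ printf (_(" Module pointer (GNU extension)\n"));
++ if (ent == (bfd_vma) -1)
++ goto got_print_fail;
+}
+printf ("\n");
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,4 +1,9 @@
+2017-04-25 Maciej W. Rozycki <macro@imgtec.com>
++
++ * readelf.c (process_mips_specific): Remove error reporting from
++ GOT[1] processing.
++
++2017-04-25 Maciej W. Rozycki <macro@imgtec.com>
+
+* readelf.c (process_mips_specific): Remove null GOT data check.
+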
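Review bot: The availability guard added in the readelf.c hunk, `data + ent - pltgot + addr_size <= data_end`, is evaluated left to right, so it forms the pointer `data + ent` before `pltgot` is subtracted; `ent` and `pltgot` look like addresses derived from the input file, so that intermediate pointer can lie far outside the buffer, which is undefined behaviour in C and leaves the bounds check itself unreliable. Doing the comparison on integer offsets avoids forming any out-of-range pointer: `&& (bfd_vma) (data_end - data) >= addr_size` followed by `&& ent - pltgot <= (bfd_vma) (data_end - data) - addr_size`. The same left-to-right expression is passed to `byte_get` on the next line and would read more safely as `data + (ent - pltgot)`. process_mips_specific starts and ends outside the hunk, so how `data`, `data_end` and `pltgot` are established should be confirmed against the full function.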