diff options
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/CVE-2017-9955_1.patch')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-9955_1.patch | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_1.patch new file mode 100644 index 0000000000..6cd86c2a30 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_1.patch | |||
@@ -0,0 +1,93 @@ | |||
1 | commit cfd14a500e0485374596234de4db10e88ebc7618 | ||
2 | Author: Nick Clifton <nickc@redhat.com> | ||
3 | Date: Mon Jun 26 15:25:08 2017 +0100 | ||
4 | |||
5 | Fix address violations when atempting to parse fuzzed binaries. | ||
6 | |||
7 | PR binutils/21665 | ||
8 | * compress.c (bfd_get_full_section_contents): Check for and reject | ||
9 | a section whoes size is greater than the size of the entire file. | ||
10 | * elf32-v850.c (v850_elf_copy_notes): Allow for the ouput to not | ||
11 | contain a notes section. | ||
12 | |||
13 | binutils* objdump.c (disassemble_section): Skip any section that is bigger | ||
14 | than the entire file. | ||
15 | |||
16 | Upstream-Status: Backport | ||
17 | |||
18 | CVE: CVE-2017-9955 | ||
19 | Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> | ||
20 | |||
21 | Index: git/bfd/compress.c | ||
22 | =================================================================== | ||
23 | --- git.orig/bfd/compress.c 2017-09-21 17:32:51.645611404 +0530 | ||
24 | +++ git/bfd/compress.c 2017-09-21 17:32:52.965622987 +0530 | ||
25 | @@ -239,6 +239,12 @@ | ||
26 | *ptr = NULL; | ||
27 | return TRUE; | ||
28 | } | ||
29 | + else if (bfd_get_file_size (abfd) > 0 | ||
30 | + && sz > (bfd_size_type) bfd_get_file_size (abfd)) | ||
31 | + { | ||
32 | + *ptr = NULL; | ||
33 | + return FALSE; | ||
34 | + } | ||
35 | |||
36 | switch (sec->compress_status) | ||
37 | { | ||
38 | Index: git/bfd/elf32-v850.c | ||
39 | =================================================================== | ||
40 | --- git.orig/bfd/elf32-v850.c 2017-09-21 17:32:35.053465773 +0530 | ||
41 | +++ git/bfd/elf32-v850.c 2017-09-21 17:32:52.965622987 +0530 | ||
42 | @@ -2448,7 +2448,9 @@ | ||
43 | BFD_ASSERT (bfd_malloc_and_get_section (ibfd, inotes, & icont)); | ||
44 | |||
45 | if ((ocont = elf_section_data (onotes)->this_hdr.contents) == NULL) | ||
46 | - BFD_ASSERT (bfd_malloc_and_get_section (obfd, onotes, & ocont)); | ||
47 | + /* If the output is being stripped then it is possible for | ||
48 | + the notes section to disappear. In this case do nothing. */ | ||
49 | + return; | ||
50 | |||
51 | /* Copy/overwrite notes from the input to the output. */ | ||
52 | memcpy (ocont, icont, bfd_section_size (obfd, onotes)); | ||
53 | Index: git/binutils/objdump.c | ||
54 | =================================================================== | ||
55 | --- git.orig/binutils/objdump.c 2017-09-21 17:32:52.337617476 +0530 | ||
56 | +++ git/binutils/objdump.c 2017-09-21 17:32:52.965622987 +0530 | ||
57 | @@ -1973,7 +1973,7 @@ | ||
58 | return; | ||
59 | |||
60 | datasize = bfd_get_section_size (section); | ||
61 | - if (datasize == 0) | ||
62 | + if (datasize == 0 || datasize >= (bfd_size_type) bfd_get_file_size (abfd)) | ||
63 | return; | ||
64 | |||
65 | if (start_address == (bfd_vma) -1 | ||
66 | @@ -2839,7 +2839,7 @@ | ||
67 | static void | ||
68 | dump_section (bfd *abfd, asection *section, void *dummy ATTRIBUTE_UNUSED) | ||
69 | { | ||
70 | - bfd_byte *data = 0; | ||
71 | + bfd_byte *data = NULL; | ||
72 | bfd_size_type datasize; | ||
73 | bfd_vma addr_offset; | ||
74 | bfd_vma start_offset; | ||
75 | Index: git/bfd/ChangeLog | ||
76 | =================================================================== | ||
77 | --- git.orig/bfd/ChangeLog 2017-09-21 17:32:52.909622495 +0530 | ||
78 | +++ git/bfd/ChangeLog 2017-09-21 17:35:57.863164167 +0530 | ||
79 | @@ -11,6 +11,14 @@ | ||
80 | of end pointer. | ||
81 | (evax_bfd_print_emh): Check for invalid string lengths. | ||
82 | |||
83 | +2017-06-26 Nick Clifton <nickc@redhat.com> | ||
84 | + | ||
85 | + PR binutils/21665 | ||
86 | + * compress.c (bfd_get_full_section_contents): Check for and reject | ||
87 | + a section whoes size is greater than the size of the entire file. | ||
88 | + * elf32-v850.c (v850_elf_copy_notes): Allow for the ouput to not | ||
89 | + contain a notes section. | ||
90 | + | ||
91 | 2017-07-24 Nick Clifton <nickc@redhat.com> | ||
92 | |||
93 | PR 21813 | ||