diff options
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/CVE-2022-47008.patch')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2022-47008.patch | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2022-47008.patch b/meta/recipes-devtools/binutils/binutils/CVE-2022-47008.patch new file mode 100644 index 0000000000..9527390ccf --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-47008.patch | |||
@@ -0,0 +1,64 @@ | |||
1 | From d6e1d48c83b165c129cb0aa78905f7ca80a1f682 Mon Sep 17 00:00:00 2001 | ||
2 | From: Alan Modra <amodra@gmail.com> | ||
3 | Date: Fri, 17 Jun 2022 09:13:38 +0930 | ||
4 | Subject: [PATCH] PR29255, memory leak in make_tempdir | ||
5 | |||
6 | PR 29255 | ||
7 | * bucomm.c (make_tempdir, make_tempname): Free template on all | ||
8 | failure paths. | ||
9 | Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=d6e1d48c83b165c129cb0aa78905f7ca80a1f682] | ||
10 | CVE: CVE-2022-47008 | ||
11 | Signed-off-by: Virendra Thakur <virendrak@kpit.com> | ||
12 | Comment: Patch refreshed based on codebase. | ||
13 | --- | ||
14 | binutils/bucomm.c | 20 +++++++++++--------- | ||
15 | 1 file changed, 11 insertions(+), 9 deletions(-) | ||
16 | |||
17 | diff --git a/binutils/bucomm.c b/binutils/bucomm.c | ||
18 | index fdc2209df9c..4395cb9f7f5 100644 | ||
19 | --- a/binutils/bucomm.c | ||
20 | +++ b/binutils/bucomm.c | ||
21 | @@ -542,8 +542,9 @@ | ||
22 | #else | ||
23 | tmpname = mktemp (tmpname); | ||
24 | if (tmpname == NULL) | ||
25 | - return NULL; | ||
26 | - fd = open (tmpname, O_RDWR | O_CREAT | O_EXCL, 0600); | ||
27 | + fd = -1; | ||
28 | + else | ||
29 | + fd = open (tmpname, O_RDWR | O_CREAT | O_EXCL, 0600); | ||
30 | #endif | ||
31 | if (fd == -1) | ||
32 | { | ||
33 | @@ -561,22 +562,23 @@ | ||
34 | make_tempdir (const char *filename) | ||
35 | { | ||
36 | char *tmpname = template_in_dir (filename); | ||
37 | + char *ret; | ||
38 | |||
39 | #ifdef HAVE_MKDTEMP | ||
40 | - return mkdtemp (tmpname); | ||
41 | + ret = mkdtemp (tmpname); | ||
42 | #else | ||
43 | - tmpname = mktemp (tmpname); | ||
44 | - if (tmpname == NULL) | ||
45 | - return NULL; | ||
46 | + ret = mktemp (tmpname); | ||
47 | #if defined (_WIN32) && !defined (__CYGWIN32__) | ||
48 | if (mkdir (tmpname) != 0) | ||
49 | - return NULL; | ||
50 | + ret = NULL; | ||
51 | #else | ||
52 | if (mkdir (tmpname, 0700) != 0) | ||
53 | - return NULL; | ||
54 | + ret = NULL; | ||
55 | #endif | ||
56 | - return tmpname; | ||
57 | #endif | ||
58 | + if (ret == NULL) | ||
59 | + free (tmpname); | ||
60 | + return ret; | ||
61 | } | ||
62 | |||
63 | /* Parse a string into a VMA, with a fatal error if it can't be | ||
64 | |||