diff options
Diffstat (limited to 'meta/recipes-devtools/binutils')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.27.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-7300.patch | 55 |
2 files changed, 56 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc index a5122c5d5c..23aac6bd5e 100644 --- a/meta/recipes-devtools/binutils/binutils-2.27.inc +++ b/meta/recipes-devtools/binutils/binutils-2.27.inc | |||
@@ -70,6 +70,7 @@ SRC_URI = "\ | |||
70 | file://CVE-2017-8393.patch \ | 70 | file://CVE-2017-8393.patch \ |
71 | file://CVE-2017-8395.patch \ | 71 | file://CVE-2017-8395.patch \ |
72 | file://CVE-2017-8397.patch \ | 72 | file://CVE-2017-8397.patch \ |
73 | file://CVE-2017-7300.patch \ | ||
73 | " | 74 | " |
74 | S = "${WORKDIR}/git" | 75 | S = "${WORKDIR}/git" |
75 | 76 | ||
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7300.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7300.patch new file mode 100644 index 0000000000..c4432e76b0 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7300.patch | |||
@@ -0,0 +1,55 @@ | |||
1 | From 531336e3a0b79ed60cfc36ad2d6579b6a71175da Mon Sep 17 00:00:00 2001 | ||
2 | From: Nick Clifton <nickc@redhat.com> | ||
3 | Date: Fri, 2 Dec 2016 16:41:14 +0000 | ||
4 | Subject: [PATCH] Fix seg-fault in the linker when examining a corrupt binary. | ||
5 | |||
6 | PR ld/20909 | ||
7 | * aoutx.h (aout_link_add_symbols): Fix off-by-one error in check | ||
8 | for an illegal string offset. | ||
9 | |||
10 | Upstream-Status: Backport | ||
11 | CVE: CVE-2017-7300 | ||
12 | VER: < 2.27-r0.9.1 | ||
13 | Signed-off-by: Manjunath Matti <mmatti@mvista.com> | ||
14 | |||
15 | --- | ||
16 | bfd/ChangeLog | 6 ++++++ | ||
17 | bfd/aoutx.h | 3 +-- | ||
18 | 2 files changed, 7 insertions(+), 2 deletions(-) | ||
19 | |||
20 | diff --git a/bfd/ChangeLog b/bfd/ChangeLog | ||
21 | index d061e66..c8085e7 100644 | ||
22 | --- a/bfd/ChangeLog | ||
23 | +++ b/bfd/ChangeLog | ||
24 | @@ -175,6 +175,12 @@ | ||
25 | * aoutx.h (find_nearest_line): Handle the case where the function | ||
26 | name is empty. | ||
27 | |||
28 | +2016-12-02 Nick Clifton <nickc@redhat.com> | ||
29 | + | ||
30 | + PR ld/20909 | ||
31 | + * aoutx.h (aout_link_add_symbols): Fix off-by-one error in check | ||
32 | + for an illegal string offset. | ||
33 | + | ||
34 | 2016-08-02 Nick Clifton <nickc@redhat.com> | ||
35 | |||
36 | PR ld/17739 | ||
37 | diff --git a/bfd/aoutx.h b/bfd/aoutx.h | ||
38 | index 4308679..b9ac2b7 100644 | ||
39 | --- a/bfd/aoutx.h | ||
40 | +++ b/bfd/aoutx.h | ||
41 | @@ -3031,10 +3031,9 @@ aout_link_add_symbols (bfd *abfd, struct bfd_link_info *info) | ||
42 | continue; | ||
43 | |||
44 | /* PR 19629: Corrupt binaries can contain illegal string offsets. */ | ||
45 | - if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd)) | ||
46 | + if (GET_WORD (abfd, p->e_strx) >= obj_aout_external_string_size (abfd)) | ||
47 | return FALSE; | ||
48 | name = strings + GET_WORD (abfd, p->e_strx); | ||
49 | - | ||
50 | value = GET_WORD (abfd, p->e_value); | ||
51 | flags = BSF_GLOBAL; | ||
52 | string = NULL; | ||
53 | -- | ||
54 | 2.9.3 | ||
55 | |||