summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/elfutils/elfutils-0.158/CVE-2014-0172.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-devtools/elfutils/elfutils-0.158/CVE-2014-0172.patch')
-rw-r--r--meta/recipes-devtools/elfutils/elfutils-0.158/CVE-2014-0172.patch35
1 files changed, 35 insertions, 0 deletions
diff --git a/meta/recipes-devtools/elfutils/elfutils-0.158/CVE-2014-0172.patch b/meta/recipes-devtools/elfutils/elfutils-0.158/CVE-2014-0172.patch
new file mode 100644
index 0000000000..6c44314589
--- /dev/null
+++ b/meta/recipes-devtools/elfutils/elfutils-0.158/CVE-2014-0172.patch
@@ -0,0 +1,35 @@
1From 7f1eec317db79627b473c5b149a22a1b20d1f68f Mon Sep 17 00:00:00 2001
2From: Mark Wielaard <mjw@redhat.com>
3Date: Wed, 9 Apr 2014 11:33:23 +0200
4Subject: [PATCH] CVE-2014-0172 Check for overflow before calling malloc to
5 uncompress data.
6
7https://bugzilla.redhat.com/show_bug.cgi?id=1085663
8
9Reported-by: Florian Weimer <fweimer@redhat.com>
10Signed-off-by: Mark Wielaard <mjw@redhat.com>
11
12Index: elfutils-0.158/libdw/dwarf_begin_elf.c
13===================================================================
14--- elfutils-0.158.orig/libdw/dwarf_begin_elf.c 2014-05-01 17:10:01.928213292 +0000
15+++ elfutils-0.158/libdw/dwarf_begin_elf.c 2014-05-01 17:10:01.924213375 +0000
16@@ -1,5 +1,5 @@
17 /* Create descriptor from ELF descriptor for processing file.
18- Copyright (C) 2002-2011 Red Hat, Inc.
19+ Copyright (C) 2002-2011, 2014 Red Hat, Inc.
20 This file is part of elfutils.
21 Written by Ulrich Drepper <drepper@redhat.com>, 2002.
22
23@@ -289,6 +289,12 @@
24 memcpy (&size, data->d_buf + 4, sizeof size);
25 size = be64toh (size);
26
27+ /* Check for unsigned overflow so malloc always allocated
28+ enough memory for both the Elf_Data header and the
29+ uncompressed section data. */
30+ if (unlikely (sizeof (Elf_Data) + size < size))
31+ break;
32+
33 Elf_Data *zdata = malloc (sizeof (Elf_Data) + size);
34 if (unlikely (zdata == NULL))
35 break;