diff options
Diffstat (limited to 'meta/recipes-devtools/elfutils/files/CVE-2019-7146_p1.patch')
-rw-r--r-- | meta/recipes-devtools/elfutils/files/CVE-2019-7146_p1.patch | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/meta/recipes-devtools/elfutils/files/CVE-2019-7146_p1.patch b/meta/recipes-devtools/elfutils/files/CVE-2019-7146_p1.patch new file mode 100644 index 0000000000..b6cd29af1a --- /dev/null +++ b/meta/recipes-devtools/elfutils/files/CVE-2019-7146_p1.patch | |||
@@ -0,0 +1,52 @@ | |||
1 | From 012018907ca05eb0ab51d424a596ef38fc87cae1 Mon Sep 17 00:00:00 2001 | ||
2 | From: Mark Wielaard <mark@klomp.org> | ||
3 | Date: Wed, 16 Jan 2019 11:57:35 +0100 | ||
4 | Subject: [PATCH] libebl: Check GNU property note pr_datasz fits inside note | ||
5 | description. | ||
6 | |||
7 | Before printing the data values, make sure pr_datasz doesn't go beyond | ||
8 | the end of the note description data. | ||
9 | |||
10 | https://sourceware.org/bugzilla/show_bug.cgi?id=24075 | ||
11 | |||
12 | Signed-off-by: Mark Wielaard <mark@klomp.org> | ||
13 | |||
14 | Upstream-Status: Backport | ||
15 | CVE: CVE-2019-7146 patch #1 | ||
16 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
17 | |||
18 | --- | ||
19 | libebl/ChangeLog | 4 ++++ | ||
20 | libebl/eblobjnote.c | 7 +++++++ | ||
21 | 2 files changed, 11 insertions(+) | ||
22 | |||
23 | Index: elfutils-0.175/libebl/eblobjnote.c | ||
24 | =================================================================== | ||
25 | --- elfutils-0.175.orig/libebl/eblobjnote.c | ||
26 | +++ elfutils-0.175/libebl/eblobjnote.c | ||
27 | @@ -350,6 +350,13 @@ ebl_object_note (Ebl *ebl, uint32_t name | ||
28 | desc += 8; | ||
29 | descsz -= 8; | ||
30 | |||
31 | + if (prop.pr_datasz > descsz) | ||
32 | + { | ||
33 | + printf ("BAD property datasz: %" PRId32 "\n", | ||
34 | + prop.pr_datasz); | ||
35 | + return; | ||
36 | + } | ||
37 | + | ||
38 | int elfclass = gelf_getclass (ebl->elf); | ||
39 | char *elfident = elf_getident (ebl->elf, NULL); | ||
40 | GElf_Ehdr ehdr; | ||
41 | Index: elfutils-0.175/libebl/ChangeLog | ||
42 | =================================================================== | ||
43 | --- elfutils-0.175.orig/libebl/ChangeLog | ||
44 | +++ elfutils-0.175/libebl/ChangeLog | ||
45 | @@ -1,3 +1,7 @@ | ||
46 | +2019-01-16 Mark Wielaard <mark@klomp.org> | ||
47 | + | ||
48 | + * eblobjnte.c (ebl_object_note): Check pr_datasz isn't too large. | ||
49 | + | ||
50 | 2018-11-15 Mark Wielaard <mark@klomp.org> | ||
51 | |||
52 | * eblobjnotetypename.c (ebl_object_note_type_name): Don't update | ||