diff options
Diffstat (limited to 'meta/recipes-devtools/elfutils/files/CVE-2019-7150.patch')
-rw-r--r-- | meta/recipes-devtools/elfutils/files/CVE-2019-7150.patch | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/meta/recipes-devtools/elfutils/files/CVE-2019-7150.patch b/meta/recipes-devtools/elfutils/files/CVE-2019-7150.patch new file mode 100644 index 0000000000..01a4fb1562 --- /dev/null +++ b/meta/recipes-devtools/elfutils/files/CVE-2019-7150.patch | |||
@@ -0,0 +1,51 @@ | |||
1 | From da5c5336a1eaf519de246f7d9f0f5585e1d4ac59 Mon Sep 17 00:00:00 2001 | ||
2 | From: Mark Wielaard <mark@klomp.org> | ||
3 | Date: Sun, 20 Jan 2019 23:05:56 +0100 | ||
4 | Subject: [PATCH] libdwfl: Sanity check partial core file dyn data read. | ||
5 | |||
6 | When reading the dyn data from the core file check if we got everything, | ||
7 | or just part of the data. | ||
8 | |||
9 | https://sourceware.org/bugzilla/show_bug.cgi?id=24103 | ||
10 | |||
11 | Signed-off-by: Mark Wielaard <mark@klomp.org> | ||
12 | |||
13 | Upstream-Status: Backport | ||
14 | CVE: CVE-2019-7150 | ||
15 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
16 | |||
17 | --- | ||
18 | libdwfl/ChangeLog | 5 +++++ | ||
19 | libdwfl/dwfl_segment_report_module.c | 6 ++++++ | ||
20 | 2 files changed, 11 insertions(+) | ||
21 | |||
22 | Index: elfutils-0.175/libdwfl/dwfl_segment_report_module.c | ||
23 | =================================================================== | ||
24 | --- elfutils-0.175.orig/libdwfl/dwfl_segment_report_module.c | ||
25 | +++ elfutils-0.175/libdwfl/dwfl_segment_report_module.c | ||
26 | @@ -783,6 +783,12 @@ dwfl_segment_report_module (Dwfl *dwfl, | ||
27 | if (dyn_filesz != 0 && dyn_filesz % dyn_entsize == 0 | ||
28 | && ! read_portion (&dyn_data, &dyn_data_size, dyn_vaddr, dyn_filesz)) | ||
29 | { | ||
30 | + /* dyn_data_size will be zero if we got everything from the initial | ||
31 | + buffer, otherwise it will be the size of the new buffer that | ||
32 | + could be read. */ | ||
33 | + if (dyn_data_size != 0) | ||
34 | + dyn_filesz = dyn_data_size; | ||
35 | + | ||
36 | void *dyns = malloc (dyn_filesz); | ||
37 | Elf32_Dyn (*d32)[dyn_filesz / sizeof (Elf32_Dyn)] = dyns; | ||
38 | Elf64_Dyn (*d64)[dyn_filesz / sizeof (Elf64_Dyn)] = dyns; | ||
39 | Index: elfutils-0.175/libdwfl/ChangeLog | ||
40 | =================================================================== | ||
41 | --- elfutils-0.175.orig/libdwfl/ChangeLog | ||
42 | +++ elfutils-0.175/libdwfl/ChangeLog | ||
43 | @@ -1,3 +1,8 @@ | ||
44 | +2019-01-20 Mark Wielaard <mark@klomp.org> | ||
45 | + | ||
46 | + * dwfl_segment_report_module.c (dwfl_segment_report_module): Check | ||
47 | + dyn_filesz vs dyn_data_size after read_portion call. | ||
48 | + | ||
49 | 2018-10-20 Mark Wielaard <mark@klomp.org> | ||
50 | |||
51 | * libdwflP.h (__libdw_open_elf): New internal function declaration. | ||