diff options
Diffstat (limited to 'meta/recipes-devtools/elfutils/files/CVE-2019-7664.patch')
-rw-r--r-- | meta/recipes-devtools/elfutils/files/CVE-2019-7664.patch | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/meta/recipes-devtools/elfutils/files/CVE-2019-7664.patch b/meta/recipes-devtools/elfutils/files/CVE-2019-7664.patch new file mode 100644 index 0000000000..e55dc5a054 --- /dev/null +++ b/meta/recipes-devtools/elfutils/files/CVE-2019-7664.patch | |||
@@ -0,0 +1,65 @@ | |||
1 | From 3ed05376e7b2c96c1d6eb24d2842cc25b79a4f07 Mon Sep 17 00:00:00 2001 | ||
2 | From: Mark Wielaard <mark@klomp.org> | ||
3 | Date: Wed, 16 Jan 2019 12:25:57 +0100 | ||
4 | Subject: [PATCH] CVE: CVE-2019-7664 | ||
5 | |||
6 | Upstream-Status: Backport | ||
7 | libelf: Correct overflow check in note_xlate. | ||
8 | |||
9 | We want to make sure the note_len doesn't overflow and becomes shorter | ||
10 | than the note header. But the namesz and descsz checks got the note header | ||
11 | size wrong). Replace the wrong constant (8) with a sizeof cvt_Nhdr (12). | ||
12 | |||
13 | https://sourceware.org/bugzilla/show_bug.cgi?id=24084 | ||
14 | |||
15 | Signed-off-by: Mark Wielaard <mark@klomp.org> | ||
16 | Signed-off-by: Ubuntu <lisa@shuagr-yocto-build.mdn4q2lr1oauhmizmzsslly3ad.xx.internal.cloudapp.net> | ||
17 | --- | ||
18 | libelf/ChangeLog | 13 +++++++++++++ | ||
19 | libelf/note_xlate.h | 4 ++-- | ||
20 | 2 files changed, 15 insertions(+), 2 deletions(-) | ||
21 | |||
22 | diff --git a/libelf/ChangeLog b/libelf/ChangeLog | ||
23 | index 68c4fbd..892e6e7 100644 | ||
24 | --- a/libelf/ChangeLog | ||
25 | +++ b/libelf/ChangeLog | ||
26 | @@ -1,3 +1,16 @@ | ||
27 | +<<<<<<< HEAD | ||
28 | +======= | ||
29 | +2019-01-16 Mark Wielaard <mark@klomp.org> | ||
30 | + | ||
31 | + * note_xlate.h (elf_cvt_note): Check n_namesz and n_descsz don't | ||
32 | + overflow note_len into note header. | ||
33 | + | ||
34 | +2018-11-17 Mark Wielaard <mark@klomp.org> | ||
35 | + | ||
36 | + * elf32_updatefile.c (updatemmap): Make sure to call convert | ||
37 | + function on a properly aligned destination. | ||
38 | + | ||
39 | +>>>>>>> e65d91d... libelf: Correct overflow check in note_xlate. | ||
40 | 2018-11-16 Mark Wielaard <mark@klomp.org> | ||
41 | |||
42 | * libebl.h (__elf32_msize): Mark with const attribute. | ||
43 | diff --git a/libelf/note_xlate.h b/libelf/note_xlate.h | ||
44 | index 9bdc3e2..bc9950f 100644 | ||
45 | --- a/libelf/note_xlate.h | ||
46 | +++ b/libelf/note_xlate.h | ||
47 | @@ -46,13 +46,13 @@ elf_cvt_note (void *dest, const void *src, size_t len, int encode, | ||
48 | /* desc needs to be aligned. */ | ||
49 | note_len += n->n_namesz; | ||
50 | note_len = nhdr8 ? NOTE_ALIGN8 (note_len) : NOTE_ALIGN4 (note_len); | ||
51 | - if (note_len > len || note_len < 8) | ||
52 | + if (note_len > len || note_len < sizeof *n) | ||
53 | break; | ||
54 | |||
55 | /* data as a whole needs to be aligned. */ | ||
56 | note_len += n->n_descsz; | ||
57 | note_len = nhdr8 ? NOTE_ALIGN8 (note_len) : NOTE_ALIGN4 (note_len); | ||
58 | - if (note_len > len || note_len < 8) | ||
59 | + if (note_len > len || note_len < sizeof *n) | ||
60 | break; | ||
61 | |||
62 | /* Copy or skip the note data. */ | ||
63 | -- | ||
64 | 2.7.4 | ||
65 | |||