Diffstat (limited to 'meta/recipes-devtools/elfutils')
-rw-r--r-- | meta/recipes-devtools/elfutils/elfutils_0.178.bb | 2 | ||||
-rw-r--r-- | meta/recipes-devtools/elfutils/files/CVE-2021-33294.patch | 72 |
2 files changed, 74 insertions, 0 deletions
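--- a/meta/recipes-devtools/elfutils/elfutils_0.178.bb
+++ b/meta/recipes-devtools/elfutils/elfutils_0.178.bb
@@ -1,5 +1,6 @@
 SUMMARY = "Utilities and libraries for handling compiled object files"
 HOMEPAGE = "https://sourceware.org/elfutils"
+DESCRIPTION = "elfutils is a collection of utilities and libraries to read, create and modify ELF binary files, find and handle DWARF debug data, symbols, thread state and stacktraces for processes and core files on GNU/Linux."
 SECTION = "base"
 LICENSE = "GPLv2 & LGPLv3+ & GPLv3+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
@@ -33,6 +34,7 @@ SRC_URI = "https://sourceware.org/elfutils/ftp/${PV}/${BP}.tar.bz2 \
 file://0001-ppc_initreg.c-Incliude-asm-ptrace.h-for-pt_regs-defi.patch \
 file://run-ptest \
 file://ptest.patch \
+file://CVE-2021-33294.patch \
 "
 SRC_URI_append_libc-musl = " \
 file://0001-musl-obstack-fts.patch \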
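--- /dev/null
+++ b/meta/recipes-devtools/elfutils/files/CVE-2021-33294.patch
@@ -0,0 +1,72 @@
+From 480b6fa3662ba8ffeee274bf0d37423413c01e55 Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Wed, 3 Mar 2021 21:40:53 +0100
+Subject: [PATCH] readelf: Sanity check verneed and verdef offsets in handle_symtab.
+
+We are going through vna_next, vn_next and vd_next in a while loop.
+Make sure that all offsets are sane. We don't want things to wrap
+around so we go in cycles.
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=27501
+
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=elfutils.git;a=commit;h=480b6fa3662ba8ffeee274bf0d37423413c01e55]
+CVE: CVE-2021-33294
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+src/ChangeLog | 5 +++++
+src/readelf.c | 10 +++++++++-
+2 files changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/src/ChangeLog b/src/ChangeLog
+index 6af977e..f0d9e39 100644
+--- a/src/ChangeLog
++++ b/src/ChangeLog
+@@ -1,3 +1,8 @@
++2021-03-03 Mark Wielaard <mark@klomp.org>
++
++ * readelf.c (handle_symtab): Sanity check verneed vna_next,
++ vn_next and verdef vd_next offsets.
++
+2019-11-26 Mark Wielaard <mark@klomp.org>
+
+* Makefile.am (BUILD_STATIC): Add libraries needed for libdw.
+diff --git a/src/readelf.c b/src/readelf.c
+index 5994615..ab7a1c1 100644
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -2550,7 +2550,9 @@ handle_symtab (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr)
+&vernaux_mem);
+while (vernaux != NULL
+&& vernaux->vna_other != *versym
+- && vernaux->vna_next != 0)
++ && vernaux->vna_next != 0
++ && (verneed_data->d_size - vna_offset
++ >= vernaux->vna_next))
+{
+/* Update the offset. */
+vna_offset += vernaux->vna_next;
+@@ -2567,6 +2569,9 @@ handle_symtab (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr)
+/* Found it. */
+break;
+
++ if (verneed_data->d_size - vn_offset < verneed->vn_next)
++ break;
++
+vn_offset += verneed->vn_next;
+verneed = (verneed->vn_next == 0
+? NULL
+@@ -2602,6 +2607,9 @@ handle_symtab (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr)
+/* Found the definition. */
+break;
+
++ if (verdef_data->d_size - vd_offset < verdef->vd_next)
++ break;
++
+vd_offset += verdef->vd_next;
+verdef = (verdef->vd_next == 0
+? NULL
+--
+2.25.1
+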
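Review bot: The three bounds checks added to handle_symtab in src/readelf.c carry no comment saying why they compare against the remaining size (`verneed_data->d_size - vna_offset >= vernaux->vna_next`) rather than the sum, or what keeps that subtraction from underflowing if the offsets are unsigned like `d_size`. From the hunks alone the guard appears to rely on the preceding lookup having returned non-NULL for the current offset, but those lookups and the initial offset computation lie outside the visible context, so this should be confirmed against the 0.178 source the patch is applied to. I would add a short comment at the first check, for example `/* Compare against the bytes left in the section; offset + next could wrap. */`, and repeat the invariant beside the `vn_offset` and `vd_offset` checks. handle_symtab begins and ends outside all three hunks.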