diff options
Diffstat (limited to 'meta/recipes-devtools')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.27.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-7302.patch | 81 |
2 files changed, 82 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc index 59e46b8bf4..936cdc3c98 100644 --- a/meta/recipes-devtools/binutils/binutils-2.27.inc +++ b/meta/recipes-devtools/binutils/binutils-2.27.inc | |||
@@ -64,6 +64,7 @@ SRC_URI = "\ | |||
64 | file://CVE-2017-7225.patch \ | 64 | file://CVE-2017-7225.patch \ |
65 | file://CVE-2017-7227.patch \ | 65 | file://CVE-2017-7227.patch \ |
66 | file://CVE-2017-7301.patch \ | 66 | file://CVE-2017-7301.patch \ |
67 | file://CVE-2017-7302.patch \ | ||
67 | " | 68 | " |
68 | S = "${WORKDIR}/git" | 69 | S = "${WORKDIR}/git" |
69 | 70 | ||
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7302.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7302.patch new file mode 100644 index 0000000000..a45de0e0ab --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7302.patch | |||
@@ -0,0 +1,81 @@ | |||
1 | commit e2996cc315d6ea242e1a954dc20246485ccc8512 | ||
2 | Author: Nick Clifton <nickc@redhat.com> | ||
3 | Date: Mon Dec 5 14:32:30 2016 +0000 | ||
4 | |||
5 | Fix seg-fault running strip on a corrupt binary. | ||
6 | |||
7 | PR binutils/20921 | ||
8 | * aoutx.h (squirt_out_relocs): Check for and report any relocs | ||
9 | that could not be recognised. | ||
10 | |||
11 | Upstream-Status: Backport | ||
12 | |||
13 | CVE: CVE-2017-7302 | ||
14 | Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> | ||
15 | |||
16 | Index: git/bfd/ChangeLog | ||
17 | =================================================================== | ||
18 | --- git.orig/bfd/ChangeLog 2017-09-04 15:57:38.564419146 +0530 | ||
19 | +++ git/bfd/ChangeLog 2017-09-04 16:02:31.994883900 +0530 | ||
20 | @@ -124,6 +124,10 @@ | ||
21 | (aout_link_add_symbols): Fix off by one error checking for | ||
22 | overflow of string offset. | ||
23 | |||
24 | + PR binutils/20921 | ||
25 | + * aoutx.h (squirt_out_relocs): Check for and report any relocs | ||
26 | + that could not be recognised. | ||
27 | + | ||
28 | 2016-12-01 Nick Clifton <nickc@redhat.com> | ||
29 | |||
30 | PR binutils/20891 | ||
31 | Index: git/bfd/aoutx.h | ||
32 | =================================================================== | ||
33 | --- git.orig/bfd/aoutx.h 2017-09-04 15:57:38.564419146 +0530 | ||
34 | +++ git/bfd/aoutx.h 2017-09-04 16:01:08.830188291 +0530 | ||
35 | @@ -1952,6 +1952,7 @@ | ||
36 | |||
37 | PUT_WORD (abfd, g->address, natptr->r_address); | ||
38 | |||
39 | + BFD_ASSERT (g->howto != NULL); | ||
40 | r_length = g->howto->size ; /* Size as a power of two. */ | ||
41 | r_pcrel = (int) g->howto->pc_relative; /* Relative to PC? */ | ||
42 | /* XXX This relies on relocs coming from a.out files. */ | ||
43 | @@ -2390,16 +2391,34 @@ | ||
44 | for (natptr = native; | ||
45 | count != 0; | ||
46 | --count, natptr += each_size, ++generic) | ||
47 | - MY_swap_ext_reloc_out (abfd, *generic, | ||
48 | - (struct reloc_ext_external *) natptr); | ||
49 | + { | ||
50 | + if ((*generic)->howto == NULL) | ||
51 | + { | ||
52 | + bfd_set_error (bfd_error_invalid_operation); | ||
53 | + _bfd_error_handler (_("%B: attempt to write out unknown reloc type"), abfd); | ||
54 | + return FALSE; | ||
55 | + } | ||
56 | + MY_swap_ext_reloc_out (abfd, *generic, | ||
57 | + (struct reloc_ext_external *) natptr); | ||
58 | + } | ||
59 | } | ||
60 | else | ||
61 | { | ||
62 | for (natptr = native; | ||
63 | count != 0; | ||
64 | --count, natptr += each_size, ++generic) | ||
65 | - MY_swap_std_reloc_out (abfd, *generic, | ||
66 | - (struct reloc_std_external *) natptr); | ||
67 | + { | ||
68 | + /* PR 20921: If the howto field has not been initialised then skip | ||
69 | + this reloc. */ | ||
70 | + if ((*generic)->howto == NULL) | ||
71 | + { | ||
72 | + bfd_set_error (bfd_error_invalid_operation); | ||
73 | + _bfd_error_handler (_("%B: attempt to write out unknown reloc type"), abfd); | ||
74 | + return FALSE; | ||
75 | + } | ||
76 | + MY_swap_std_reloc_out (abfd, *generic, | ||
77 | + (struct reloc_std_external *) natptr); | ||
78 | + } | ||
79 | } | ||
80 | |||
81 | if (bfd_bwrite ((void *) native, natsize, abfd) != natsize) | ||