blob: 16f0768d95d3fbac409886ae1637a9f186588de6 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
From b0029dce6867de1a2828293177b0e030d2f0f03c Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Tue, 28 Nov 2017 18:00:29 +0000
Subject: [PATCH] Prevent a memory exhaustion problem when trying to read in
strings from a COFF binary with a corrupt string table size.
PR 22507
* coffgen.c (_bfd_coff_read_string_table): Check for an excessive
size of the external string table.
Upstream-Status: Backport
Affects binutls <= 2.29.1
CVE: CVE-2017-17124
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
bfd/ChangeLog | 6 ++++++
bfd/coffgen.c | 4 ++--
2 files changed, 8 insertions(+), 2 deletions(-)
Index: git/bfd/coffgen.c
===================================================================
--- git.orig/bfd/coffgen.c
+++ git/bfd/coffgen.c
@@ -1709,7 +1709,7 @@ _bfd_coff_read_string_table (bfd *abfd)
#endif
}
- if (strsize < STRING_SIZE_SIZE)
+ if (strsize < STRING_SIZE_SIZE || strsize > bfd_get_file_size (abfd))
{
_bfd_error_handler
/* xgettext: c-format */
Index: git/bfd/ChangeLog
===================================================================
--- git.orig/bfd/ChangeLog
+++ git/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2017-11-28 Nick Clifton <nickc@redhat.com>
+
+ PR 22507
+ * coffgen.c (_bfd_coff_read_string_table): Check for an excessive
+ size of the external string table.
+
2018-03-28 Eric Botcazou <ebotcazou@adacore.com>
PR ld/22972
|