1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
From b2706ceadac7239e7b02d43f05100fc6538b0d65 Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Mon, 13 Feb 2017 15:04:37 +0000
Subject: Fix invalid read of section contents whilst processing a corrupt binary.
PR binutils/21135
* readelf.c (dump_section_as_bytes): Handle the case where
uncompress_section_contents returns false.
CVE: CVE-2017-7209
Upstream-Status: Backport[master]
Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
---
binutils/ChangeLog | 6 ++++++
binutils/readelf.c | 16 ++++++++++++----
2 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 53352c1801..cf92744c12 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,9 @@
+2017-02-13 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21135
+ * readelf.c (dump_section_as_bytes): Handle the case where
+ uncompress_section_contents returns false.
+
2017-02-20 Nick Clifton <nickc@redhat.com>
PR binutils/21156
diff --git a/binutils/readelf.c b/binutils/readelf.c
index 4960491c5c..f0e7b080e8 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -12803,10 +12803,18 @@ dump_section_as_bytes (Elf_Internal_Shdr * section,
new_size -= 12;
}
- if (uncompressed_size
- && uncompress_section_contents (& start, uncompressed_size,
- & new_size))
- section_size = new_size;
+ if (uncompressed_size)
+ {
+ if (uncompress_section_contents (& start, uncompressed_size,
+ & new_size))
+ section_size = new_size;
+ else
+ {
+ error (_("Unable to decompress section %s\n"),
+ printable_section_name (section));
+ return;
+ }
+ }
}
if (relocate)
--
2.11.0
|
