blob: c4432e76b04fc129633c2a9f28381dc1f6e6e948 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
From 531336e3a0b79ed60cfc36ad2d6579b6a71175da Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Fri, 2 Dec 2016 16:41:14 +0000
Subject: [PATCH] Fix seg-fault in the linker when examining a corrupt binary.
PR ld/20909
* aoutx.h (aout_link_add_symbols): Fix off-by-one error in check
for an illegal string offset.
Upstream-Status: Backport
CVE: CVE-2017-7300
VER: < 2.27-r0.9.1
Signed-off-by: Manjunath Matti <mmatti@mvista.com>
---
bfd/ChangeLog | 6 ++++++
bfd/aoutx.h | 3 +--
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index d061e66..c8085e7 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -175,6 +175,12 @@
* aoutx.h (find_nearest_line): Handle the case where the function
name is empty.
+2016-12-02 Nick Clifton <nickc@redhat.com>
+
+ PR ld/20909
+ * aoutx.h (aout_link_add_symbols): Fix off-by-one error in check
+ for an illegal string offset.
+
2016-08-02 Nick Clifton <nickc@redhat.com>
PR ld/17739
diff --git a/bfd/aoutx.h b/bfd/aoutx.h
index 4308679..b9ac2b7 100644
--- a/bfd/aoutx.h
+++ b/bfd/aoutx.h
@@ -3031,10 +3031,9 @@ aout_link_add_symbols (bfd *abfd, struct bfd_link_info *info)
continue;
/* PR 19629: Corrupt binaries can contain illegal string offsets. */
- if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd))
+ if (GET_WORD (abfd, p->e_strx) >= obj_aout_external_string_size (abfd))
return FALSE;
name = strings + GET_WORD (abfd, p->e_strx);
-
value = GET_WORD (abfd, p->e_value);
flags = BSF_GLOBAL;
string = NULL;
--
2.9.3
|