blob: 59a3b1746138df72064448b8820d336b01c3e084 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
commit a55c9876bb111fd301b4762cf501de0040b8f9db
Author: Nick Clifton <nickc@redhat.com>
Date: Mon Dec 5 13:35:50 2016 +0000
Fix seg-fault attempting to strip a corrupt binary.
PR binutils/20922
* elf.c (find_link): Check for null headers before attempting to
match them.
Upstream-Status: Backport
CVE: CVE-2017-7303
Signed-off-by: Thiruvadi Rajaraman <tarjaraman@mvista.com>
Index: git/bfd/ChangeLog
===================================================================
--- git.orig/bfd/ChangeLog 2017-09-04 16:06:08.996688391 +0530
+++ git/bfd/ChangeLog 2017-09-04 16:09:26.810320541 +0530
@@ -124,6 +124,10 @@
(aout_link_add_symbols): Fix off by one error checking for
overflow of string offset.
+ PR binutils/20922
+ * elf.c (find_link): Check for null headers before attempting to
+ match them.
+
PR binutils/20921
* aoutx.h (squirt_out_relocs): Check for and report any relocs
that could not be recognised.
Index: git/bfd/elf.c
===================================================================
--- git.orig/bfd/elf.c 2017-09-04 16:05:55.612577527 +0530
+++ git/bfd/elf.c 2017-09-04 16:08:35.709900050 +0530
@@ -1249,13 +1249,19 @@
Elf_Internal_Shdr ** oheaders = elf_elfsections (obfd);
unsigned int i;
- if (section_match (oheaders[hint], iheader))
+ BFD_ASSERT (iheader != NULL);
+
+ /* See PR 20922 for a reproducer of the NULL test. */
+ if (oheaders[hint] != NULL
+ && section_match (oheaders[hint], iheader))
return hint;
for (i = 1; i < elf_numsections (obfd); i++)
{
Elf_Internal_Shdr * oheader = oheaders[i];
+ if (oheader == NULL)
+ continue;
if (section_match (oheader, iheader))
/* FIXME: Do we care if there is a potential for
multiple matches ? */
|