summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArmin Kuster <akuster@mvista.com>2018-08-08 20:20:03 (GMT)
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-08-15 09:22:45 (GMT)
commit1b709e6837dca57e8416fd6066b5a3d821a13fca (patch)
tree8f0590b8b4a8969fbb0512ab357ffb1681985a74
parent5281adb8856934e003d37fb941070a329a9958fc (diff)
downloadpoky-1b709e6837dca57e8416fd6066b5a3d821a13fca.tar.gz
Binutils: Security fix for CVE-2018-7208
Affects: <= 2.30 (From OE-Core rev: fc5adfb0af0cae0071c0136068f37fd35529fc7f) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-devtools/binutils/binutils-2.29.1.inc1
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2018-7208.patch47
2 files changed, 48 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.29.1.inc b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
index c668e63..13389a1 100644
--- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
@@ -72,6 +72,7 @@ SRC_URI = "\
72 file://CVE-2018-13033.patch \ 72 file://CVE-2018-13033.patch \
73 file://CVE-2018-6323.patch \ 73 file://CVE-2018-6323.patch \
74 file://CVE-2018-6759.patch \ 74 file://CVE-2018-6759.patch \
75 file://CVE-2018-7208.patch \
75" 76"
76S = "${WORKDIR}/git" 77S = "${WORKDIR}/git"
77 78
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-7208.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-7208.patch
new file mode 100644
index 0000000..7d78db7
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-7208.patch
@@ -0,0 +1,47 @@
1From eb77f6a4621795367a39cdd30957903af9dbb815 Mon Sep 17 00:00:00 2001
2From: Alan Modra <amodra@gmail.com>
3Date: Sat, 27 Jan 2018 08:19:33 +1030
4Subject: [PATCH] PR22741, objcopy segfault on fuzzed COFF object
5
6 PR 22741
7 * coffgen.c (coff_pointerize_aux): Ensure auxent tagndx is in
8 range before converting to a symbol table pointer.
9
10Upstream-Status: Backport
11Affects: <= 2.30
12CVE: CVE-2018-7208
13Signed-off-by: Armin Kuster <akuster@mvista.com>
14
15---
16 bfd/ChangeLog | 6 ++++++
17 bfd/coffgen.c | 3 ++-
18 2 files changed, 8 insertions(+), 1 deletion(-)
19
20Index: git/bfd/coffgen.c
21===================================================================
22--- git.orig/bfd/coffgen.c
23+++ git/bfd/coffgen.c
24@@ -1555,7 +1555,8 @@ coff_pointerize_aux (bfd *abfd,
25 }
26 /* A negative tagndx is meaningless, but the SCO 3.2v4 cc can
27 generate one, so we must be careful to ignore it. */
28- if (auxent->u.auxent.x_sym.x_tagndx.l > 0)
29+ if ((unsigned long) auxent->u.auxent.x_sym.x_tagndx.l
30+ < obj_raw_syment_count (abfd))
31 {
32 auxent->u.auxent.x_sym.x_tagndx.p =
33 table_base + auxent->u.auxent.x_sym.x_tagndx.l;
34Index: git/bfd/ChangeLog
35===================================================================
36--- git.orig/bfd/ChangeLog
37+++ git/bfd/ChangeLog
38@@ -1,3 +1,9 @@
39+2018-01-29 Alan Modra <amodra@gmail.com>
40+
41+ PR 22741
42+ * coffgen.c (coff_pointerize_aux): Ensure auxent tagndx is in
43+ range before converting to a symbol table pointer.
44+
45 2018-02-06 Nick Clifton <nickc@redhat.com>
46
47 PR 22794