summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArmin Kuster <akuster@mvista.com>2018-08-08 20:07:41 (GMT)
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-08-15 09:22:45 (GMT)
commit53df81889a241cd1eee8b25c06800076736cbcd3 (patch)
tree2b44001bd9d3b9515edc02080fd3b99ad7c5667b
parent1b202d632b1c12cb3fb4683c53098e245ba99f23 (diff)
downloadpoky-53df81889a241cd1eee8b25c06800076736cbcd3.tar.gz
Binutils: Security fix for CVE-2018-6323
Affected: <= 2.29.1 (From OE-Core rev: 52a93bb4c5b5128ff3fa8be84c41309cfeff8224) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-devtools/binutils/binutils-2.29.1.inc1
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2018-6323.patch55
2 files changed, 56 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.29.1.inc b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
index 2f9b4fe..db7305a 100644
--- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
@@ -70,6 +70,7 @@ SRC_URI = "\
70 file://CVE-2018-10534.patch \ 70 file://CVE-2018-10534.patch \
71 file://CVE-2018-10535.patch \ 71 file://CVE-2018-10535.patch \
72 file://CVE-2018-13033.patch \ 72 file://CVE-2018-13033.patch \
73 file://CVE-2018-6323.patch \
73" 74"
74S = "${WORKDIR}/git" 75S = "${WORKDIR}/git"
75 76
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-6323.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-6323.patch
new file mode 100644
index 0000000..2c6b1b2
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-6323.patch
@@ -0,0 +1,55 @@
1From 38e64b0ecc7f4ee64a02514b8d532782ac057fa2 Mon Sep 17 00:00:00 2001
2From: Alan Modra <amodra@gmail.com>
3Date: Thu, 25 Jan 2018 21:47:41 +1030
4Subject: [PATCH] PR22746, crash when running 32-bit objdump on corrupted file
5
6Avoid unsigned int overflow by performing bfd_size_type multiplication.
7
8 PR 22746
9 * elfcode.h (elf_object_p): Avoid integer overflow.
10
11Upstream-Status: Backport
12Affects: <= 2.29.1
13CVE: CVE-2018-6323
14Signed-off-by: Armin Kuster <akuster@mvista.com>
15
16---
17 bfd/ChangeLog | 5 +++++
18 bfd/elfcode.h | 4 ++--
19 2 files changed, 7 insertions(+), 2 deletions(-)
20
21Index: git/bfd/elfcode.h
22===================================================================
23--- git.orig/bfd/elfcode.h
24+++ git/bfd/elfcode.h
25@@ -680,7 +680,7 @@ elf_object_p (bfd *abfd)
26 if (i_ehdrp->e_shnum > ((bfd_size_type) -1) / sizeof (*i_shdrp))
27 goto got_wrong_format_error;
28 #endif
29- amt = sizeof (*i_shdrp) * i_ehdrp->e_shnum;
30+ amt = sizeof (*i_shdrp) * (bfd_size_type) i_ehdrp->e_shnum;
31 i_shdrp = (Elf_Internal_Shdr *) bfd_alloc (abfd, amt);
32 if (!i_shdrp)
33 goto got_no_match;
34@@ -776,7 +776,7 @@ elf_object_p (bfd *abfd)
35 if (i_ehdrp->e_phnum > ((bfd_size_type) -1) / sizeof (*i_phdr))
36 goto got_wrong_format_error;
37 #endif
38- amt = i_ehdrp->e_phnum * sizeof (*i_phdr);
39+ amt = (bfd_size_type) i_ehdrp->e_phnum * sizeof (*i_phdr);
40 elf_tdata (abfd)->phdr = (Elf_Internal_Phdr *) bfd_alloc (abfd, amt);
41 if (elf_tdata (abfd)->phdr == NULL)
42 goto got_no_match;
43Index: git/bfd/ChangeLog
44===================================================================
45--- git.orig/bfd/ChangeLog
46+++ git/bfd/ChangeLog
47@@ -1,3 +1,8 @@
48+2018-01-25 Alan Modra <amodra@gmail.com>
49+
50+ PR 22746
51+ * elfcode.h (elf_object_p): Avoid integer overflow.
52+
53 2018-05-08 Nick Clifton <nickc@redhat.com>
54
55 PR 22809