summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArmin Kuster <akuster@mvista.com>2018-08-08 18:47:09 (GMT)
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-08-15 09:22:45 (GMT)
commit8eeacb689b934c989a1cfad882559cd2d5c5f901 (patch)
tree44eb969a4745c216a2fcaaf91916a603aae0d6b5
parent5a60b74887458e080bd7b62ca35d0753fd6aa7ce (diff)
downloadpoky-8eeacb689b934c989a1cfad882559cd2d5c5f901.tar.gz
Binutils: Security fix for CVE-2018-10535
Affects: <= 2.30 (From OE-Core rev: 5fc41ff3341074497a1359969baf880d8035826b) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-devtools/binutils/binutils-2.29.1.inc1
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2018-10535.patch63
2 files changed, 64 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.29.1.inc b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
index ab61745..4d9983b 100644
--- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
@@ -68,6 +68,7 @@ SRC_URI = "\
68 file://CVE-2018-10372.patch \ 68 file://CVE-2018-10372.patch \
69 file://CVE-2018-10373.patch \ 69 file://CVE-2018-10373.patch \
70 file://CVE-2018-10534.patch \ 70 file://CVE-2018-10534.patch \
71 file://CVE-2018-10535.patch \
71" 72"
72S = "${WORKDIR}/git" 73S = "${WORKDIR}/git"
73 74
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-10535.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-10535.patch
new file mode 100644
index 0000000..29b8343
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-10535.patch
@@ -0,0 +1,63 @@
1From db0c309f4011ca94a4abc8458e27f3734dab92ac Mon Sep 17 00:00:00 2001
2From: Nick Clifton <nickc@redhat.com>
3Date: Tue, 24 Apr 2018 16:57:04 +0100
4Subject: [PATCH] Fix an illegal memory access when trying to copy an ELF
5 binary with corrupt section symbols.
6
7 PR 23113
8 * elf.c (ignore_section_sym): Check for the output_section pointer
9 being NULL before dereferencing it.
10
11Upstream-Status: Backport
12Affects: <= 2.30
13CVE: CVE-2018-10535
14Signed-off-by: Armin Kuster <akuster@mvista.com>
15
16---
17 bfd/ChangeLog | 4 ++++
18 bfd/elf.c | 9 ++++++++-
19 2 files changed, 12 insertions(+), 1 deletion(-)
20
21Index: git/bfd/elf.c
22===================================================================
23--- git.orig/bfd/elf.c
24+++ git/bfd/elf.c
25@@ -3994,15 +3994,22 @@ ignore_section_sym (bfd *abfd, asymbol *
26 {
27 elf_symbol_type *type_ptr;
28
29+ if (sym == NULL)
30+ return FALSE;
31+
32 if ((sym->flags & BSF_SECTION_SYM) == 0)
33 return FALSE;
34
35+ if (sym->section == NULL)
36+ return TRUE;
37+
38 type_ptr = elf_symbol_from (abfd, sym);
39 return ((type_ptr != NULL
40 && type_ptr->internal_elf_sym.st_shndx != 0
41 && bfd_is_abs_section (sym->section))
42 || !(sym->section->owner == abfd
43- || (sym->section->output_section->owner == abfd
44+ || (sym->section->output_section != NULL
45+ && sym->section->output_section->owner == abfd
46 && sym->section->output_offset == 0)
47 || bfd_is_abs_section (sym->section)));
48 }
49Index: git/bfd/ChangeLog
50===================================================================
51--- git.orig/bfd/ChangeLog
52+++ git/bfd/ChangeLog
53@@ -1,4 +1,10 @@
54 2018-04-24 Nick Clifton <nickc@redhat.com>
55+
56+ PR 23113
57+ * elf.c (ignore_section_sym): Check for the output_section pointer
58+ being NULL before dereferencing it.
59+
60+2018-04-24 Nick Clifton <nickc@redhat.com>
61
62 PR 23110
63 * peXXigen.c (_bfd_XX_bfd_copy_private_bfd_data_common): Check for