summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArmin Kuster <akuster@mvista.com>2018-08-07 23:33:02 (GMT)
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-08-15 09:22:45 (GMT)
commitad4d04429ac4f8b19f04b4c439ee6e815e699136 (patch)
tree53c7fa8216a00b9b5a3701359367dce0f3b06023
parent1abb9cc58e4be1c5de0e763b3cc34c3e0640679d (diff)
downloadpoky-ad4d04429ac4f8b19f04b4c439ee6e815e699136.tar.gz
binutls: Security fix for CVE-2017-17080
Affects: <= 2.29.1 (From OE-Core rev: 238a0a40a7835226dd25134e88f830683f60dac3) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-devtools/binutils/binutils-2.29.1.inc1
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-17080.patch78
2 files changed, 79 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.29.1.inc b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
index 6611fdc..2a713ca 100644
--- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
@@ -60,6 +60,7 @@ SRC_URI = "\
60 file://CVE-2017-16830.patch \ 60 file://CVE-2017-16830.patch \
61 file://CVE-2017-16831.patch \ 61 file://CVE-2017-16831.patch \
62 file://CVE-2017-16832.patch \ 62 file://CVE-2017-16832.patch \
63 file://CVE-2017-17080.patch \
63" 64"
64S = "${WORKDIR}/git" 65S = "${WORKDIR}/git"
65 66
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-17080.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-17080.patch
new file mode 100644
index 0000000..611a276
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-17080.patch
@@ -0,0 +1,78 @@
1From 80a0437873045cc08753fcac4af154e2931a99fd Mon Sep 17 00:00:00 2001
2From: Nick Clifton <nickc@redhat.com>
3Date: Thu, 16 Nov 2017 14:53:32 +0000
4Subject: [PATCH] Prevent illegal memory accesses when parsing incorrecctly
5 formated core notes.
6
7 PR 22421
8 * elf.c (elfcore_grok_netbsd_procinfo): Check that the note is big enough.
9 (elfcore_grok_openbsd_procinfo): Likewise.
10 (elfcore_grok_nto_status): Likewise.
11
12Upstream-Status: Backport
13Affects: <= 2.29.1
14CVE: CVE-2017-17080
15Signed-off-by: Armin Kuster <akuster@mvista.com>
16
17---
18 bfd/ChangeLog | 7 +++++++
19 bfd/elf.c | 10 ++++++++++
20 2 files changed, 17 insertions(+)
21
22Index: git/bfd/elf.c
23===================================================================
24--- git.orig/bfd/elf.c
25+++ git/bfd/elf.c
26@@ -9862,6 +9862,7 @@ elfcore_grok_freebsd_psinfo (bfd *abfd,
27 /* Check for version 1 in pr_version. */
28 if (bfd_h_get_32 (abfd, (bfd_byte *) note->descdata) != 1)
29 return FALSE;
30+
31 offset = 4;
32
33 /* Skip over pr_psinfosz. */
34@@ -10030,6 +10031,9 @@ elfcore_netbsd_get_lwpid (Elf_Internal_N
35 static bfd_boolean
36 elfcore_grok_netbsd_procinfo (bfd *abfd, Elf_Internal_Note *note)
37 {
38+ if (note->descsz <= 0x7c + 31)
39+ return FALSE;
40+
41 /* Signal number at offset 0x08. */
42 elf_tdata (abfd)->core->signal
43 = bfd_h_get_32 (abfd, (bfd_byte *) note->descdata + 0x08);
44@@ -10114,6 +10118,9 @@ elfcore_grok_netbsd_note (bfd *abfd, Elf
45 static bfd_boolean
46 elfcore_grok_openbsd_procinfo (bfd *abfd, Elf_Internal_Note *note)
47 {
48+ if (note->descsz <= 0x48 + 31)
49+ return FALSE;
50+
51 /* Signal number at offset 0x08. */
52 elf_tdata (abfd)->core->signal
53 = bfd_h_get_32 (abfd, (bfd_byte *) note->descdata + 0x08);
54@@ -10185,6 +10192,9 @@ elfcore_grok_nto_status (bfd *abfd, Elf_
55 short sig;
56 unsigned flags;
57
58+ if (note->descsz < 16)
59+ return FALSE;
60+
61 /* nto_procfs_status 'pid' field is at offset 0. */
62 elf_tdata (abfd)->core->pid = bfd_get_32 (abfd, (bfd_byte *) ddata);
63
64Index: git/bfd/ChangeLog
65===================================================================
66--- git.orig/bfd/ChangeLog
67+++ git/bfd/ChangeLog
68@@ -1,3 +1,10 @@
69+2017-11-16 Nick Clifton <nickc@redhat.com>
70+
71+ PR 22421
72+ * elf.c (elfcore_grok_netbsd_procinfo): Check that the note is big enough.
73+ (elfcore_grok_openbsd_procinfo): Likewise.
74+ (elfcore_grok_nto_status): Likewise.
75+
76 2017-10-31 Nick Clifton <nickc@redhat.com>
77
78 PR 22373