summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/binutils/binutils/CVE-2017-17125.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/CVE-2017-17125.patch')
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-17125.patch129
1 files changed, 129 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-17125.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-17125.patch
new file mode 100644
index 0000000..30dc6d5
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-17125.patch
@@ -0,0 +1,129 @@
1From 160b1a618ad94988410dc81fce9189fcda5b7ff4 Mon Sep 17 00:00:00 2001
2From: Alan Modra <amodra@gmail.com>
3Date: Sat, 18 Nov 2017 23:18:22 +1030
4Subject: [PATCH] PR22443, Global buffer overflow in
5 _bfd_elf_get_symbol_version_string
6
7Symbols like *ABS* defined in bfd/section.c:global_syms are not
8elf_symbol_type. They can appear on relocs and perhaps other places
9in an ELF bfd, so a number of places in nm.c and objdump.c are wrong
10to cast an asymbol based on the bfd being ELF. I think we lose
11nothing by excluding all section symbols, not just the global_syms.
12
13 PR 22443
14 * nm.c (sort_symbols_by_size): Don't attempt to access
15 section symbol internal_elf_sym.
16 (print_symbol): Likewise. Don't call bfd_get_symbol_version_string
17 for section symbols.
18 * objdump.c (compare_symbols): Don't attempt to access
19 section symbol internal_elf_sym.
20 (objdump_print_symname): Don't call bfd_get_symbol_version_string
21 for section symbols.
22
23Upstream-Status: Backport
24Affects: <= 2.29.1
25CVE: CVE-2017-17125
26Signed-off-by: Armin Kuster <akuster@mvista.com>
27
28---
29 binutils/ChangeLog | 12 ++++++++++++
30 binutils/nm.c | 17 ++++++++++-------
31 binutils/objdump.c | 6 +++---
32 3 files changed, 25 insertions(+), 10 deletions(-)
33
34Index: git/binutils/nm.c
35===================================================================
36--- git.orig/binutils/nm.c
37+++ git/binutils/nm.c
38@@ -765,7 +765,6 @@ sort_symbols_by_size (bfd *abfd, bfd_boo
39 asection *sec;
40 bfd_vma sz;
41 asymbol *temp;
42- int synthetic = (sym->flags & BSF_SYNTHETIC);
43
44 if (from + size < fromend)
45 {
46@@ -782,10 +781,13 @@ sort_symbols_by_size (bfd *abfd, bfd_boo
47 sec = bfd_get_section (sym);
48
49 /* Synthetic symbols don't have a full type set of data available, thus
50- we can't rely on that information for the symbol size. */
51- if (!synthetic && bfd_get_flavour (abfd) == bfd_target_elf_flavour)
52+ we can't rely on that information for the symbol size. Ditto for
53+ bfd/section.c:global_syms like *ABS*. */
54+ if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0
55+ && bfd_get_flavour (abfd) == bfd_target_elf_flavour)
56 sz = ((elf_symbol_type *) sym)->internal_elf_sym.st_size;
57- else if (!synthetic && bfd_is_com_section (sec))
58+ else if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0
59+ && bfd_is_com_section (sec))
60 sz = sym->value;
61 else
62 {
63@@ -874,8 +876,9 @@ print_symbol (bfd * abfd,
64
65 info.sinfo = &syminfo;
66 info.ssize = ssize;
67- /* Synthetic symbols do not have a full symbol type set of data available. */
68- if ((sym->flags & BSF_SYNTHETIC) != 0)
69+ /* Synthetic symbols do not have a full symbol type set of data available.
70+ Nor do bfd/section.c:global_syms like *ABS*. */
71+ if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) != 0)
72 {
73 info.elfinfo = NULL;
74 info.coffinfo = NULL;
75@@ -893,7 +896,7 @@ print_symbol (bfd * abfd,
76 const char * version_string = NULL;
77 bfd_boolean hidden = FALSE;
78
79- if ((sym->flags & BSF_SYNTHETIC) == 0)
80+ if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0)
81 version_string = bfd_get_symbol_version_string (abfd, sym, &hidden);
82
83 if (bfd_is_und_section (bfd_get_section (sym)))
84Index: git/binutils/objdump.c
85===================================================================
86--- git.orig/binutils/objdump.c
87+++ git/binutils/objdump.c
88@@ -799,10 +799,10 @@ compare_symbols (const void *ap, const v
89 bfd_vma asz, bsz;
90
91 asz = 0;
92- if ((a->flags & BSF_SYNTHETIC) == 0)
93+ if ((a->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0)
94 asz = ((elf_symbol_type *) a)->internal_elf_sym.st_size;
95 bsz = 0;
96- if ((b->flags & BSF_SYNTHETIC) == 0)
97+ if ((b->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0)
98 bsz = ((elf_symbol_type *) b)->internal_elf_sym.st_size;
99 if (asz != bsz)
100 return asz > bsz ? -1 : 1;
101@@ -888,7 +888,7 @@ objdump_print_symname (bfd *abfd, struct
102 name = alloc;
103 }
104
105- if ((sym->flags & BSF_SYNTHETIC) == 0)
106+ if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0)
107 version_string = bfd_get_symbol_version_string (abfd, sym, &hidden);
108
109 if (bfd_is_und_section (bfd_get_section (sym)))
110Index: git/binutils/ChangeLog
111===================================================================
112--- git.orig/binutils/ChangeLog
113+++ git/binutils/ChangeLog
114@@ -1,3 +1,15 @@
115+2017-11-18 Alan Modra <amodra@gmail.com>
116+
117+ PR 22443
118+ * nm.c (sort_symbols_by_size): Don't attempt to access
119+ section symbol internal_elf_sym.
120+ (print_symbol): Likewise. Don't call bfd_get_symbol_version_string
121+ for section symbols.
122+ * objdump.c (compare_symbols): Don't attempt to access
123+ section symbol internal_elf_sym.
124+ (objdump_print_symname): Don't call bfd_get_symbol_version_string
125+ for section symbols.
126+
127 2017-11-29 Nick Clifton <nickc@redhat.com>
128
129 PR 22508