mirror of
https://git.yoctoproject.org/poky
synced 2026-04-20 00:32:13 +02:00
binutls: Security fix for CVE-2017-16832
Affects: <= 2.29.1 (From OE-Core rev: ec8861a2f280a3210f9423fd1b687bca6340b8ca) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Armin Kuster
committed by
Richard Purdie
Richard Purdie
parent
d40d4bf86f
commit
1abb9cc58e
@@ -59,6 +59,7 @@ SRC_URI = "\
|
||||
file://CVE-2017-16829.patch \
|
||||
file://CVE-2017-16830.patch \
|
||||
file://CVE-2017-16831.patch \
|
||||
file://CVE-2017-16832.patch \
|
||||
"
|
||||
S = "${WORKDIR}/git"
|
||||
|
||||
|
||||
61
meta/recipes-devtools/binutils/binutils/CVE-2017-16832.patch
Normal file
61
meta/recipes-devtools/binutils/binutils/CVE-2017-16832.patch
Normal file
@@ -0,0 +1,61 @@
|
||||
From 0bb6961f18b8e832d88b490d421ca56cea16c45b Mon Sep 17 00:00:00 2001
|
||||
From: Nick Clifton <nickc@redhat.com>
|
||||
Date: Tue, 31 Oct 2017 14:29:40 +0000
|
||||
Subject: [PATCH] Fix illegal memory access triggered when parsing a PE binary
|
||||
with a corrupt data dictionary.
|
||||
|
||||
PR 22373
|
||||
* peicode.h (pe_bfd_read_buildid): Check for invalid size and data
|
||||
offset values.
|
||||
|
||||
Upstrem-Status: Backport
|
||||
Affects: <= 2.29.1
|
||||
CVE: CVE-2017-16832
|
||||
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
||||
|
||||
---
|
||||
bfd/ChangeLog | 6 ++++++
|
||||
bfd/peicode.h | 9 ++++++---
|
||||
2 files changed, 12 insertions(+), 3 deletions(-)
|
||||
|
||||
Index: git/bfd/peicode.h
|
||||
===================================================================
|
||||
--- git.orig/bfd/peicode.h
|
||||
+++ git/bfd/peicode.h
|
||||
@@ -1303,7 +1303,6 @@ pe_bfd_read_buildid (bfd *abfd)
|
||||
bfd_byte *data = 0;
|
||||
bfd_size_type dataoff;
|
||||
unsigned int i;
|
||||
-
|
||||
bfd_vma addr = extra->DataDirectory[PE_DEBUG_DATA].VirtualAddress;
|
||||
bfd_size_type size = extra->DataDirectory[PE_DEBUG_DATA].Size;
|
||||
|
||||
@@ -1327,8 +1326,12 @@ pe_bfd_read_buildid (bfd *abfd)
|
||||
|
||||
dataoff = addr - section->vma;
|
||||
|
||||
- /* PR 20605: Make sure that the data is really there. */
|
||||
- if (dataoff + size > section->size)
|
||||
+ /* PR 20605 and 22373: Make sure that the data is really there.
|
||||
+ Note - since we are dealing with unsigned quantities we have
|
||||
+ to be careful to check for potential overflows. */
|
||||
+ if (dataoff > section->size
|
||||
+ || size > section->size
|
||||
+ || dataoff + size > section->size)
|
||||
{
|
||||
_bfd_error_handler (_("%B: Error: Debug Data ends beyond end of debug directory."),
|
||||
abfd);
|
||||
Index: git/bfd/ChangeLog
|
||||
===================================================================
|
||||
--- git.orig/bfd/ChangeLog
|
||||
+++ git/bfd/ChangeLog
|
||||
@@ -1,3 +1,9 @@
|
||||
+2017-10-31 Nick Clifton <nickc@redhat.com>
|
||||
+
|
||||
+ PR 22373
|
||||
+ * peicode.h (pe_bfd_read_buildid): Check for invalid size and data
|
||||
+ offset values.
|
||||
+
|
||||
2017-11-03 Mingi Cho <mgcho.minic@gmail.com>
|
||||
Nick Clifton <nickc@redhat.com>
|
||||
|
||||
Reference in New Issue
Block a user