Fix seg-fault in the linker when examining a corrupt binary.
Source: https://sourceware.org/ MR: 74244 Type: Security Fix Disposition: Backport from https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=531336e3a0b79ed60cfc36ad2d6579b6a71175da ChangeID: 69cc8699fcb0655f3a48778e514552dfaea7229c Description: Fix seg-fault in the linker when examining a corrupt binary. PR ld/20909 * aoutx.h (aout_link_add_symbols): Fix off-by-one error in check for an illegal string offset. CVE: CVE-2017-7300 Affects: < 2.27-r0.9.1 Author: Nick Clifton <nickc@redhat.com> (From OE-Core rev: c1b259c5fef13e1ecff9a68d82cde49c777ffa4d) Signed-off-by: Manjunath S Matti <mmatti@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
committed by
Richard Purdie
parent
f98a25139e
commit
2dcc1db01d
@@ -70,6 +70,7 @@ SRC_URI = "\
|
||||
file://CVE-2017-8393.patch \
|
||||
file://CVE-2017-8395.patch \
|
||||
file://CVE-2017-8397.patch \
|
||||
file://CVE-2017-7300.patch \
|
||||
"
|
||||
S = "${WORKDIR}/git"
|
||||
|
||||
|
||||
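--- a/meta/recipes-devtools/binutils/binutils/CVE-2017-7300.patch
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7300.patch
@@ -0,0 +1,55 @@
+From 531336e3a0b79ed60cfc36ad2d6579b6a71175da Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Fri, 2 Dec 2016 16:41:14 +0000
+Subject: [PATCH] Fix seg-fault in the linker when examining a corrupt binary.
+
+PR ld/20909
+* aoutx.h (aout_link_add_symbols): Fix off-by-one error in check
+for an illegal string offset.
+
+Upstream-Status: Backport
+CVE: CVE-2017-7300
+VER: < 2.27-r0.9.1
+Signed-off-by: Manjunath Matti <mmatti@mvista.com>
+
+---
+bfd/ChangeLog | 6 ++++++
+bfd/aoutx.h | 3 +--
+2 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/bfd/ChangeLog b/bfd/ChangeLog
+index d061e66..c8085e7 100644
+--- a/bfd/ChangeLog
++++ b/bfd/ChangeLog
+@@ -175,6 +175,12 @@
+* aoutx.h (find_nearest_line): Handle the case where the function
+name is empty.
+
++2016-12-02 Nick Clifton <nickc@redhat.com>
++
++ PR ld/20909
++ * aoutx.h (aout_link_add_symbols): Fix off-by-one error in check
++ for an illegal string offset.
++
+2016-08-02 Nick Clifton <nickc@redhat.com>
+
+PR ld/17739
+diff --git a/bfd/aoutx.h b/bfd/aoutx.h
+index 4308679..b9ac2b7 100644
+--- a/bfd/aoutx.h
++++ b/bfd/aoutx.h
+@@ -3031,10 +3031,9 @@ aout_link_add_symbols (bfd *abfd, struct bfd_link_info *info)
+continue;
+
+/* PR 19629: Corrupt binaries can contain illegal string offsets. */
+- if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd))
++ if (GET_WORD (abfd, p->e_strx) >= obj_aout_external_string_size (abfd))
+return FALSE;
+name = strings + GET_WORD (abfd, p->e_strx);
+-
+value = GET_WORD (abfd, p->e_value);
+flags = BSF_GLOBAL;
+string = NULL;
+--
+2.9.3
+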
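Review bot: The corrected test in `aout_link_add_symbols` bounds only the starting offset of the symbol name. `name = strings + GET_WORD (abfd, p->e_strx)` is then presumably consumed as a C string, and nothing in this hunk shows that the string table ends in a NUL, so it is worth confirming that the code which loads the table terminates it; the function body starts and ends outside the hunk. The retained comment still cites only PR 19629, and I would have it record why the comparison is inclusive, e.g. `/* PR 19629, PR 20909: an offset equal to the table size is also past the end. */`. The offset is also fetched twice through `GET_WORD`; reading it once into a local would make it obvious that the check and the use see the same value.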