mirror of
https://git.yoctoproject.org/poky
synced 2026-04-20 09:32:13 +02:00
Binutils: Security fix for CVE-2018-6323
Affected: <= 2.29.1 (From OE-Core rev: 52a93bb4c5b5128ff3fa8be84c41309cfeff8224) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Armin Kuster
committed by
Richard Purdie
Richard Purdie
parent
1b202d632b
commit
53df81889a
@@ -70,6 +70,7 @@ SRC_URI = "\
|
||||
file://CVE-2018-10534.patch \
|
||||
file://CVE-2018-10535.patch \
|
||||
file://CVE-2018-13033.patch \
|
||||
file://CVE-2018-6323.patch \
|
||||
"
|
||||
S = "${WORKDIR}/git"
|
||||
|
||||
|
||||
55
meta/recipes-devtools/binutils/binutils/CVE-2018-6323.patch
Normal file
55
meta/recipes-devtools/binutils/binutils/CVE-2018-6323.patch
Normal file
@@ -0,0 +1,55 @@
|
||||
From 38e64b0ecc7f4ee64a02514b8d532782ac057fa2 Mon Sep 17 00:00:00 2001
|
||||
From: Alan Modra <amodra@gmail.com>
|
||||
Date: Thu, 25 Jan 2018 21:47:41 +1030
|
||||
Subject: [PATCH] PR22746, crash when running 32-bit objdump on corrupted file
|
||||
|
||||
Avoid unsigned int overflow by performing bfd_size_type multiplication.
|
||||
|
||||
PR 22746
|
||||
* elfcode.h (elf_object_p): Avoid integer overflow.
|
||||
|
||||
Upstream-Status: Backport
|
||||
Affects: <= 2.29.1
|
||||
CVE: CVE-2018-6323
|
||||
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
||||
|
||||
---
|
||||
bfd/ChangeLog | 5 +++++
|
||||
bfd/elfcode.h | 4 ++--
|
||||
2 files changed, 7 insertions(+), 2 deletions(-)
|
||||
|
||||
Index: git/bfd/elfcode.h
|
||||
===================================================================
|
||||
--- git.orig/bfd/elfcode.h
|
||||
+++ git/bfd/elfcode.h
|
||||
@@ -680,7 +680,7 @@ elf_object_p (bfd *abfd)
|
||||
if (i_ehdrp->e_shnum > ((bfd_size_type) -1) / sizeof (*i_shdrp))
|
||||
goto got_wrong_format_error;
|
||||
#endif
|
||||
- amt = sizeof (*i_shdrp) * i_ehdrp->e_shnum;
|
||||
+ amt = sizeof (*i_shdrp) * (bfd_size_type) i_ehdrp->e_shnum;
|
||||
i_shdrp = (Elf_Internal_Shdr *) bfd_alloc (abfd, amt);
|
||||
if (!i_shdrp)
|
||||
goto got_no_match;
|
||||
@@ -776,7 +776,7 @@ elf_object_p (bfd *abfd)
|
||||
if (i_ehdrp->e_phnum > ((bfd_size_type) -1) / sizeof (*i_phdr))
|
||||
goto got_wrong_format_error;
|
||||
#endif
|
||||
- amt = i_ehdrp->e_phnum * sizeof (*i_phdr);
|
||||
+ amt = (bfd_size_type) i_ehdrp->e_phnum * sizeof (*i_phdr);
|
||||
elf_tdata (abfd)->phdr = (Elf_Internal_Phdr *) bfd_alloc (abfd, amt);
|
||||
if (elf_tdata (abfd)->phdr == NULL)
|
||||
goto got_no_match;
|
||||
Index: git/bfd/ChangeLog
|
||||
===================================================================
|
||||
--- git.orig/bfd/ChangeLog
|
||||
+++ git/bfd/ChangeLog
|
||||
@@ -1,3 +1,8 @@
|
||||
+2018-01-25 Alan Modra <amodra@gmail.com>
|
||||
+
|
||||
+ PR 22746
|
||||
+ * elfcode.h (elf_object_p): Avoid integer overflow.
|
||||
+
|
||||
2018-05-08 Nick Clifton <nickc@redhat.com>
|
||||
|
||||
PR 22809
|
||||
Reference in New Issue
Block a user