mirror of
https://git.yoctoproject.org/poky
synced 2026-04-19 06:32:13 +02:00
binutls: Security fix CVE-2017-14934
Affects: <= 2.29.1 (From OE-Core rev: b7715d4782cf956c198eaa6b43a6bf11fe8ece7c) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Armin Kuster
committed by
Richard Purdie
Richard Purdie
parent
9be7b4f3db
commit
6e01f78994
@@ -40,6 +40,7 @@ SRC_URI = "\
|
||||
file://CVE-2017-14932.patch \
|
||||
file://CVE-2017-14933_p1.patch \
|
||||
file://CVE-2017-14933_p2.patch \
|
||||
file://CVE-2017-14934.patch \
|
||||
"
|
||||
S = "${WORKDIR}/git"
|
||||
|
||||
|
||||
63
meta/recipes-devtools/binutils/binutils/CVE-2017-14934.patch
Normal file
63
meta/recipes-devtools/binutils/binutils/CVE-2017-14934.patch
Normal file
@@ -0,0 +1,63 @@
|
||||
From 19485196044b2521af979f1e5c4a89bfb90fba0b Mon Sep 17 00:00:00 2001
|
||||
From: Nick Clifton <nickc@redhat.com>
|
||||
Date: Wed, 27 Sep 2017 10:42:51 +0100
|
||||
Subject: [PATCH] Prevent an infinite loop in the DWARF parsing code when
|
||||
encountering a CU structure with a small negative size.
|
||||
|
||||
PR 22219
|
||||
* dwarf.c (process_debug_info): Add a check for a negative
|
||||
cu_length field.
|
||||
|
||||
Upstream-Status: Backport
|
||||
Affects: <= 2.29.1
|
||||
CVE: CVE-2017-14934
|
||||
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
||||
|
||||
---
|
||||
binutils/ChangeLog | 6 ++++++
|
||||
binutils/dwarf.c | 11 ++++++++++-
|
||||
2 files changed, 16 insertions(+), 1 deletion(-)
|
||||
|
||||
Index: git/binutils/dwarf.c
|
||||
===================================================================
|
||||
--- git.orig/binutils/dwarf.c
|
||||
+++ git/binutils/dwarf.c
|
||||
@@ -2547,7 +2547,7 @@ process_debug_info (struct dwarf_section
|
||||
int level, last_level, saved_level;
|
||||
dwarf_vma cu_offset;
|
||||
unsigned int offset_size;
|
||||
- int initial_length_size;
|
||||
+ unsigned int initial_length_size;
|
||||
dwarf_vma signature_high = 0;
|
||||
dwarf_vma signature_low = 0;
|
||||
dwarf_vma type_offset = 0;
|
||||
@@ -2695,6 +2695,15 @@ process_debug_info (struct dwarf_section
|
||||
num_units = unit;
|
||||
break;
|
||||
}
|
||||
+ else if (compunit.cu_length + initial_length_size < initial_length_size)
|
||||
+ {
|
||||
+ warn (_("Debug info is corrupted, length of CU at %s is negative (%s)\n"),
|
||||
+ dwarf_vmatoa ("x", cu_offset),
|
||||
+ dwarf_vmatoa ("x", compunit.cu_length));
|
||||
+ num_units = unit;
|
||||
+ break;
|
||||
+ }
|
||||
+
|
||||
tags = hdrptr;
|
||||
start += compunit.cu_length + initial_length_size;
|
||||
|
||||
Index: git/binutils/ChangeLog
|
||||
===================================================================
|
||||
--- git.orig/binutils/ChangeLog
|
||||
+++ git/binutils/ChangeLog
|
||||
@@ -1,3 +1,9 @@
|
||||
+2017-09-27 Nick Clifton <nickc@redhat.com>
|
||||
+
|
||||
+ PR 22219
|
||||
+ * dwarf.c (process_debug_info): Add a check for a negative
|
||||
+ cu_length field.
|
||||
+
|
||||
2017-11-01 Alan Modra <amodra@gmail.com>
|
||||
|
||||
Apply from master
|
||||
Reference in New Issue
Block a user