mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-18 03:32:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

binutils: fix CVE-2019-14250 CVE-2019-14444

Browse Source 
(From OE-Core rev: abdc51527988afdcfd2db6dc08ebb6083a341be9)

Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Anuj Mittal
2019-08-19 21:43:11 +08:00
committed by Richard Purdie
parent eaa58d850a
commit 7ef44dbd3b
3 changed files with 63 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
meta/recipes-devtools/binutils/binutils-2.32.inc
View File

@@ -50,6 +50,8 @@ SRC_URI = "\
file://CVE-2019-9077.patch \
file://CVE-2019-9071.patch \
file://CVE-2019-12972.patch \
file://CVE-2019-14250.patch \
file://CVE-2019-14444.patch \
"
S = "${WORKDIR}/git"

33
meta/recipes-devtools/binutils/binutils/CVE-2019-14250.patch Normal file
View File

@@ -0,0 +1,33 @@
From df78be05daf4eb07f60f50ec1080cb979af32ec0 Mon Sep 17 00:00:00 2001
From: marxin <marxin@138bc75d-0d04-0410-961f-82ee72b054a4>
Date: Tue, 23 Jul 2019 07:33:32 +0000
Subject: [PATCH] libiberty: Check zero value shstrndx in simple-object-elf.c
git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@273718 138bc75d-0d04-0410-961f-82ee72b054a4
CVE: CVE-2019-14250
Upstream-Status: Backport [from gcc: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=273718]
[Removed Changelog entry]
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
diff --git a/libiberty/simple-object-elf.c b/libiberty/simple-object-elf.c
index 502388991a08..bdee963634d6 100644
--- a/libiberty/simple-object-elf.c
+++ b/libiberty/simple-object-elf.c
@@ -548,7 +548,15 @@ simple_object_elf_match (unsigned char header[SIMPLE_OBJECT_MATCH_HEADER_LEN],
XDELETE (eor);
return NULL;
}
-
+
+ if (eor->shstrndx == 0)
+ {
+ *errmsg = "invalid ELF shstrndx == 0";
+ *err = 0;
+ XDELETE (eor);
+ return NULL;
+ }
+
return (void *) eor;
}

28
meta/recipes-devtools/binutils/binutils/CVE-2019-14444.patch Normal file
View File

@@ -0,0 +1,28 @@
From e17869db99195849826eaaf5d2d0eb2cfdd7a2a7 Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Mon, 5 Aug 2019 10:40:35 +0100
Subject: [PATCH] Catch potential integer overflow in readelf when processing
corrupt binaries.
PR 24829
* readelf.c (apply_relocations): Catch potential integer overflow
whilst checking reloc location against section size.
CVE: CVE-2019-14444
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e17869db99195849826eaaf5d2d0eb2cfdd7a2a7]
[Removed Changelog entry]
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
diff --git a/binutils/readelf.c b/binutils/readelf.c
index b896ad9f406..e785fde43e7 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -13366,7 +13366,7 @@ apply_relocations (Filedata * filedata,
}
rloc = start + rp->r_offset;
- if ((rloc + reloc_size) > end || (rloc < start))
+ if (rloc >= end || (rloc + reloc_size) > end || (rloc < start))
{
warn (_("skipping invalid relocation offset 0x%lx in section %s\n"),
(unsigned long) rp->r_offset,