binutls: Security fix for CVE-2017-17080

Affects: <= 2.29.1 (From OE-Core rev: 238a0a40a7835226dd25134e88f830683f60dac3) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-04-20 18:32:12 +02:00 · 2018-08-07 16:33:02 -07:00
parent 1abb9cc58e
commit ad4d04429a
2 changed files with 79 additions and 0 deletions
--- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
@@ -60,6 +60,7 @@ SRC_URI = "\
     file://CVE-2017-16830.patch \
     file://CVE-2017-16831.patch \
     file://CVE-2017-16832.patch \
+     file://CVE-2017-17080.patch \
 "
 S  = "${WORKDIR}/git"

--- a/meta/recipes-devtools/binutils/binutils/CVE-2017-17080.patch
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-17080.patch
@@ -0,0 +1,78 @@
+From 80a0437873045cc08753fcac4af154e2931a99fd Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Thu, 16 Nov 2017 14:53:32 +0000
+Subject: [PATCH] Prevent illegal memory accesses when parsing incorrecctly
+ formated core notes.
+
+	PR 22421
+	* elf.c (elfcore_grok_netbsd_procinfo): Check that the note is big enough.
+	(elfcore_grok_openbsd_procinfo): Likewise.
+	(elfcore_grok_nto_status): Likewise.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-17080 
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog |  7 +++++++
+ bfd/elf.c     | 10 ++++++++++
+ 2 files changed, 17 insertions(+)
+
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c
+++ git/bfd/elf.c
+@@ -9862,6 +9862,7 @@ elfcore_grok_freebsd_psinfo (bfd *abfd,
+   /* Check for version 1 in pr_version.  */
+   if (bfd_h_get_32 (abfd, (bfd_byte *) note->descdata) != 1)
+     return FALSE;
+
+   offset = 4;
+ 
+   /* Skip over pr_psinfosz. */
+@@ -10030,6 +10031,9 @@ elfcore_netbsd_get_lwpid (Elf_Internal_N
+ static bfd_boolean
+ elfcore_grok_netbsd_procinfo (bfd *abfd, Elf_Internal_Note *note)
+ {
+  if (note->descsz <= 0x7c + 31)
+    return FALSE;
+
+   /* Signal number at offset 0x08. */
+   elf_tdata (abfd)->core->signal
+     = bfd_h_get_32 (abfd, (bfd_byte *) note->descdata + 0x08);
+@@ -10114,6 +10118,9 @@ elfcore_grok_netbsd_note (bfd *abfd, Elf
+ static bfd_boolean
+ elfcore_grok_openbsd_procinfo (bfd *abfd, Elf_Internal_Note *note)
+ {
+  if (note->descsz <= 0x48 + 31)
+    return FALSE;
+
+   /* Signal number at offset 0x08. */
+   elf_tdata (abfd)->core->signal
+     = bfd_h_get_32 (abfd, (bfd_byte *) note->descdata + 0x08);
+@@ -10185,6 +10192,9 @@ elfcore_grok_nto_status (bfd *abfd, Elf_
+   short sig;
+   unsigned flags;
+ 
+  if (note->descsz < 16)
+    return FALSE;
+
+   /* nto_procfs_status 'pid' field is at offset 0.  */
+   elf_tdata (abfd)->core->pid = bfd_get_32 (abfd, (bfd_byte *) ddata);
+ 
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
+++ git/bfd/ChangeLog
+@@ -1,3 +1,10 @@
+2017-11-16  Nick Clifton  <nickc@redhat.com>
+ 
+       PR 22421
+       * elf.c (elfcore_grok_netbsd_procinfo): Check that the note is big enough.
+       (elfcore_grok_openbsd_procinfo): Likewise.
+       (elfcore_grok_nto_status): Likewise.
+
+ 2017-10-31  Nick Clifton  <nickc@redhat.com>
+ 
+        PR 22373