binutils: CVE-2017-8421

Source: git://sourceware.org/git/binutils-gdb.git MR: 74140 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: 5f6dd48c427de8663c5a80af6db44ce5c579d42c Description: Prevent memory exhaustion from a corrupt PE binary with an overlarge number of relocs. PR 21440 * objdump.c (dump_relocs_in_section): Check for an excessive number of relocs before attempting to dump them. Affects: <= 2.29 Author: Alan Modra <amodra@gmail.com> (From OE-Core rev: 09c642a70e2a12dcc01ffe45c333011a142c02a7) Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-04-18 03:32:13 +02:00 · 2017-09-13 17:14:14 +05:30
parent 52bc287aca
commit fdee751f82
2 changed files with 52 additions and 0 deletions
--- a/meta/recipes-devtools/binutils/binutils-2.27.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -72,6 +72,7 @@ SRC_URI = "\
     file://CVE-2017-8397.patch \
     file://CVE-2017-7300.patch \
     file://CVE-2017-8396.patch \
+     file://CVE-2017-8421.patch \
 "
 S  = "${WORKDIR}/git"

--- a/meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch
@@ -0,0 +1,51 @@
+commit 39ff1b79f687b65f4144ddb379f22587003443fb
+Author: Nick Clifton <nickc@redhat.com>
+Date:   Tue May 2 11:54:53 2017 +0100
+
+    Prevent memory exhaustion from a corrupt PE binary with an overlarge number of relocs.
+    
+    	PR 21440
+    	* objdump.c (dump_relocs_in_section): Check for an excessive
+    	number of relocs before attempting to dump them.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-8421
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/binutils/objdump.c
+===================================================================
+--- git.orig/binutils/objdump.c	2017-09-05 11:34:23.140802515 +0530
+++ git/binutils/objdump.c	2017-09-05 11:34:28.716824776 +0530
+@@ -3238,6 +3238,14 @@
+       return;
+     }
+ 
+  if ((bfd_get_file_flags (abfd) & (BFD_IN_MEMORY | BFD_LINKER_CREATED)) == 0
+      && relsize > get_file_size (bfd_get_filename (abfd)))
+    {
+      printf (" (too many: 0x%x)\n", section->reloc_count);
+      bfd_set_error (bfd_error_file_truncated);
+      bfd_fatal (bfd_get_filename (abfd));
+    }
+
+   relpp = (arelent **) xmalloc (relsize);
+   relcount = bfd_canonicalize_reloc (abfd, section, relpp, syms);
+ 
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog	2017-09-05 11:34:28.040822070 +0530
+++ git/binutils/ChangeLog	2017-09-05 11:36:02.413217129 +0530
+@@ -4,6 +4,12 @@
+        * rddbg.c (read_symbol_stabs_debugging_info): Check for an empty
+        string whilst concatenating symbol names.
+ 
+2017-05-02  Nick Clifton  <nickc@redhat.com>
+
+       PR 21440
+       * objdump.c (dump_relocs_in_section): Check for an excessive
+       number of relocs before attempting to dump them.
+
+ 2017-02-14  Nick Clifton  <nickc@redhat.com>
+ 
+ 	PR binutils/21157