mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-24 10:29:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
63df03dc7bf31bf128f44bee7dc8a2a3d6479a8f
poky/meta/recipes-devtools/elfutils/elfutils-0.158/CVE-2014-0172.patch
Hongxu Jia 4b616f06c1 elfutils: upgrade to 0.158 
Add 'm4-biarch.m4-tweak-AC_RUN_IFELSE-for-cross-compiling.patch' to fix cross compiling failure;

Rebase 'elf_additions.diff' for 0.158;

Drop obsolete patches:
- nm-Fix-size-passed-to-snprintf-for-invalid-sh_name-case.patch
- elfutils-ar-c-fix-num-passed-to-memset.patch
- fix-build-gcc-4.8.patch

Pick patches from debian:
http://ftp.de.debian.org/debian/pool/main/e/elfutils/elfutils_0.158-2.debian.tar.xz

We could not directly add elfutils_0.158-2.debian.tar.xz to SRC_URI, because it
contains other souce codes which are not pathces.

(From OE-Core rev: d9c7a02240ce37d5b2569d9177e8ba534b9295ce)

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-06-03 16:49:19 +01:00

36 lines
1.3 KiB
Diff
Raw Blame History

From 7f1eec317db79627b473c5b149a22a1b20d1f68f Mon Sep 17 00:00:00 2001
From: Mark Wielaard <mjw@redhat.com>
Date: Wed, 9 Apr 2014 11:33:23 +0200
Subject: [PATCH] CVE-2014-0172 Check for overflow before calling malloc to
uncompress data.
https://bugzilla.redhat.com/show_bug.cgi?id=1085663
Reported-by: Florian Weimer <fweimer@redhat.com>
Signed-off-by: Mark Wielaard <mjw@redhat.com>
Index: elfutils-0.158/libdw/dwarf_begin_elf.c
===================================================================
--- elfutils-0.158.orig/libdw/dwarf_begin_elf.c 2014-05-01 17:10:01.928213292 +0000
+++ elfutils-0.158/libdw/dwarf_begin_elf.c 2014-05-01 17:10:01.924213375 +0000
@@ -1,5 +1,5 @@
/* Create descriptor from ELF descriptor for processing file.
- Copyright (C) 2002-2011 Red Hat, Inc.
+ Copyright (C) 2002-2011, 2014 Red Hat, Inc.
This file is part of elfutils.
Written by Ulrich Drepper <drepper@redhat.com>, 2002.
@@ -289,6 +289,12 @@
memcpy (&size, data->d_buf + 4, sizeof size);
size = be64toh (size);
+ /* Check for unsigned overflow so malloc always allocated
+ enough memory for both the Elf_Data header and the
+ uncompressed section data. */
+ if (unlikely (sizeof (Elf_Data) + size < size))
+ break;
+
Elf_Data *zdata = malloc (sizeof (Elf_Data) + size);
if (unlikely (zdata == NULL))
break;
Reference in New Issue View Git Blame Copy Permalink