mirror of
https://git.yoctoproject.org/poky
synced 2026-02-23 01:49:40 +01:00
18369bf39c
Drop patches to ChangeLog, they are in patch header anyway (From OE-Core rev: 0b0f545dbf16b0970c5a79975d451dc9d887c2a7) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
44 lines
1.2 KiB
Diff
44 lines
1.2 KiB
Diff
From 1d9a2696903fc59d6a936f4ab4e4407ef329d066 Mon Sep 17 00:00:00 2001
|
|
From: Nick Clifton <nickc@redhat.com>
|
|
Date: Fri, 17 Feb 2017 15:59:45 +0000
|
|
Subject: Fix illegal memory accesses in readelf when parsing
|
|
a corrupt binary.
|
|
|
|
PR binutils/21156
|
|
* readelf.c (find_section_in_set): Test for invalid section
|
|
indicies.
|
|
|
|
CVE: CVE-2017-6969
|
|
Upstream-Status: Backport [master]
|
|
|
|
Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
|
|
---
|
|
binutils/ChangeLog | 6 ++++++
|
|
binutils/readelf.c | 10 ++++++++--
|
|
2 files changed, 14 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/binutils/readelf.c b/binutils/readelf.c
|
|
index 7c158c6342..4960491c5c 100644
|
|
--- a/binutils/readelf.c
|
|
+++ b/binutils/readelf.c
|
|
@@ -675,8 +675,14 @@ find_section_in_set (const char * name, unsigned int * set)
|
|
if (set != NULL)
|
|
{
|
|
while ((i = *set++) > 0)
|
|
- if (streq (SECTION_NAME (section_headers + i), name))
|
|
- return section_headers + i;
|
|
+ {
|
|
+ /* See PR 21156 for a reproducer. */
|
|
+ if (i >= elf_header.e_shnum)
|
|
+ continue; /* FIXME: Should we issue an error message ? */
|
|
+
|
|
+ if (streq (SECTION_NAME (section_headers + i), name))
|
|
+ return section_headers + i;
|
|
+ }
|
|
}
|
|
|
|
return find_section (name);
|
|
--
|
|
2.11.0
|
|
|