Backport the CVE patch from the upstream: https://sourceware.org/git/?p=elfutils.git;a=commit; h=29e31978ba51c1051743a503ee325b5ebc03d7e9 (From OE-Core rev: bcca86fca317c16a8f6c138c7df369b944e50700) Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
From 29e31978ba51c1051743a503ee325b5ebc03d7e9 Mon Sep 17 00:00:00 2001
From: Mark Wielaard <mark@klomp.org>
Date: Sat, 18 Aug 2018 13:27:48 +0200
Subject: [PATCH] libdw, readelf: Make sure there is enough data to read full
aranges header.
dwarf_getaranges didn't check if there was enough data left to read both
the address and segment size. readelf didn't check there was enough data
left to read the segment size.
https://sourceware.org/bugzilla/show_bug.cgi?id=23541
CVE: CVE-2018-16062
Upstream-Status: Backport
Signed-off-by: Mark Wielaard <mark@klomp.org>
---
libdw/ChangeLog | 5 +++++
libdw/dwarf_getaranges.c | 4 ++++
src/ChangeLog | 5 +++++
src/readelf.c | 2 ++
4 files changed, 16 insertions(+)
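--- a/libdw/ChangeLog
+++ b/libdw/ChangeLog
@@ -1,3 +1,8 @@
+2018-08-18 Mark Wielaard <mark@klomp.org>
+
+ * dwarf_getaranges.c (dwarf_getaranges.c): Make sure there is enough
+ data to read the address and segment size.
+
 2018-06-28 Mark Wielaard <mark@klomp.org>
 
 * dwarf_next_cfi.c (dwarf_next_cfi): Check whether length is zero.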
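--- a/libdw/dwarf_getaranges.c
+++ b/libdw/dwarf_getaranges.c
@@ -148,6 +148,10 @@ dwarf_getaranges (Dwarf *dbg, Dwarf_Aranges **aranges, size_t *naranges)
 length_bytes, &offset, IDX_debug_info, 4))
 goto fail;
 
+ /* Next up two bytes for address and segment size. */
+ if (readp + 2 > readendp)
+ goto invalid;
+
 unsigned int address_size = *readp++;
 if (unlikely (address_size != 4 && address_size != 8))
 goto invalid;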
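Review bot: The added guard `if (readp + 2 > readendp)` forms a pointer that can point more than one element past the end of the section data when fewer than two bytes remain, which is undefined behaviour in C, so the bounds check itself rests on arithmetic the compiler need not honour. Comparing the remaining length instead, `if (readendp - readp < 2)`, states the same bound without the out-of-range pointer; this assumes readp never exceeds readendp at this point, which the hunk does not show. The same form appears in the src/readelf.c hunk as `readp + 1 > readendp`, where `readp >= readendp` would do. Wrapping the condition in `unlikely (...)` would also match the address_size test two lines below. The body of dwarf_getaranges starts and ends outside the hunk.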
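--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2018-08-18 Mark Wielaard <mark@klomp.org>
+
+ * readelf.c (print_debug_aranges_section): Make sure there is enough
+ data to read the header segment size.
+
 2018-06-25 Mark Wielaard <mark@klomp.org>
 
 * readelf.c (print_decoded_line_section): Use dwarf_next_lines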
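--- a/src/readelf.c
+++ b/src/readelf.c
@@ -5447,6 +5447,8 @@ print_debug_aranges_section (Dwfl_Module *dwflmod __attribute__ ((unused)),
 goto next_table;
 }
 
+ if (readp + 1 > readendp)
+ goto invalid_data;
 unsigned int segment_size = *readp++;
 printf (gettext (" Segment size: %6" PRIu64 "\n\n"),
 (uint64_t) segment_size);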
--
2.9.3