Source: binutils-gdb.git MR: 72756, 72805 Type: Security Fix Disposition: Backport from https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf ChangeID: af83ec9e8322e0e051bb684bd2fee5fe8a506fbc Description: excluded some changes as the code does not exist in our version. Does not affect fix. Affects: <= Binutils 2017-04-12 (From OE-Core rev: 2dfdc0ceac466a4b80ece01a970cb5cfdc08d7ab) Signed-off-by: Armin Kuster <akuster@mvista.com> Reviewed-by Jeremy Puhlman <jpuhlman@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
From 7296a62a2a237f6b1ad8db8c38b090e9f592c8cf Mon Sep 17 00:00:00 2001
|
|
From: Nick Clifton <nickc@redhat.com>
|
|
Date: Thu, 13 Apr 2017 16:06:30 +0100
|
|
Subject: [PATCH] readelf: fix out of range subtraction, seg fault from a NULL
|
|
pointer and memory exhaustion, all from parsing corrupt binaries.
|
|
|
|
PR binutils/21379
|
|
* readelf.c (process_dynamic_section): Detect over large section
|
|
offsets in the DT_SYMTAB entry.
|
|
|
|
PR binutils/21345
|
|
* readelf.c (process_mips_specific): Catch an unfeasible memory
|
|
allocation before it happens and print a suitable error message.
|
|
|
|
Upstream-Status: Backport
|
|
|
|
Did not include all of the commit, as the affected code does not exist. It does contain the two
|
|
fixes above.
|
|
Both CVEs are fixed by the same commit.
|
|
|
|
CVE: CVE-2017-9040
|
|
CVE: CVE-2017-9042
|
|
VER: <= 2.28
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
|
|
---
|
|
binutils/ChangeLog | 12 ++++++++++++
|
|
binutils/readelf.c | 26 +++++++++++++++++++++-----
|
|
2 files changed, 33 insertions(+), 5 deletions(-)
|
|
|
|
Index: git/binutils/readelf.c
|
|
===================================================================
|
|
--- git.orig/binutils/readelf.c
|
|
+++ git/binutils/readelf.c
|
|
@@ -9079,6 +9079,12 @@ process_dynamic_section (FILE * file)
|
|
processing that. This is overkill, I know, but it
|
|
should work. */
|
|
section.sh_offset = offset_from_vma (file, entry->d_un.d_val, 0);
|
|
+ if ((bfd_size_type) section.sh_offset > current_file_size)
|
|
+ {
|
|
+ /* See PR 21379 for a reproducer. */
|
|
+ error (_("Invalid DT_SYMTAB entry: %lx"), (long) section.sh_offset);
|
|
+ return FALSE;
|
|
+ }
|
|
|
|
if (archive_file_offset != 0)
|
|
section.sh_size = archive_file_size - section.sh_offset;
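Review bot: The new bound in process_dynamic_section compares section.sh_offset with current_file_size, but the branch right after it computes `archive_file_size - section.sh_offset`, so that subtraction is only covered if archive_file_size is never smaller than current_file_size. That relation is not visible in this hunk; if an archive member's size can be smaller than the whole file, an offset between the two values would still wrap sh_size for a corrupt member. Consider also checking the value actually subtracted from, e.g. `if (archive_file_offset != 0 && section.sh_offset > archive_file_size)` leading to the same error path. The message lacks the trailing `\n` that the other error call added by this patch has, and `%lx` is paired with a `(long)` cast where `(unsigned long)` matches the specifier. The function body starts and ends outside the hunk.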
|
|
@@ -14882,6 +14888,15 @@ process_mips_specific (FILE * file)
|
|
return 0;
|
|
}
|
|
|
|
+ /* PR 21345 - print a slightly more helpful error message
|
|
+ if we are sure that the cmalloc will fail. */
|
|
+ if (conflictsno * sizeof (* iconf) > current_file_size)
|
|
+ {
|
|
+ error (_("Overlarge number of conflicts detected: %lx\n"),
|
|
+ (long) conflictsno);
|
|
+ return FALSE;
|
|
+ }
|
|
+
|
|
iconf = (Elf32_Conflict *) cmalloc (conflictsno, sizeof (* iconf));
|
|
if (iconf == NULL)
|
|
{
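Review bot: The pre-check `conflictsno * sizeof (* iconf) > current_file_size` in process_mips_specific multiplies before comparing, so a large enough conflictsno taken from a corrupt file could wrap the product and pass under the bound; the declaration of conflictsno is outside the hunk, so its width should be confirmed. Writing the test as a division avoids the wrap: `if (conflictsno > current_file_size / sizeof (* iconf))`. cmalloc may still reject such a request afterwards, but then the clearer message this check was added for is not the one printed. The error call passes `(long) conflictsno` to `%lx`, where `(unsigned long)` matches the specifier. The new path returns FALSE while the context line just above returns 0, so using one spelling would read more consistently.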
|
|
Index: git/bfd/ChangeLog
|
|
===================================================================
|
|
--- git.orig/bfd/ChangeLog
|
|
+++ git/bfd/ChangeLog
|
|
@@ -1,3 +1,15 @@
|
|
+2017-04-13 Nick Clifton <nickc@redhat.com>
|
|
+
|
|
+ PR binutils/21379
|
|
+ * readelf.c (process_dynamic_section): Detect over large section
|
|
+ offsets in the DT_SYMTAB entry.
|
|
+
|
|
+2017-04-13 Nick Clifton <nickc@redhat.com>
|
|
+
|
|
+ PR binutils/21345
|
|
+ * readelf.c (process_mips_specific): Catch an unfeasible memory
|
|
+ allocation before it happens and print a suitable error message.
|
|
+
|
|
2017-04-03 Nick Clifton <nickc@redhat.com>
|
|
|
|
PR binutils/21345
|