mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-03-04 22:39:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
c4f7c39a4394cd55df81cd698204b277eab9eb3d
poky/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_9.patch
Thiruvadi Rajaraman e7f53f5fe5 binutils: CVE-2017-9955 
Source: binutils-gdb.git
MR: 73893
Type: Security Fix
Disposition: Backport from 'binutils-gdb.git/master' branch
ChangeID: 94c3ef8c1fa2e84e84ad76fb45307848d98817c8
Description:

PR 21665 : Fixed multiple heap based buffer overflow

Affects: <= 2.28
Author: Nick Clifton <nickc@redhat.com>
(From OE-Core rev: a36978f0dd372ec836f63942f965652ca3716e3f)

Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-01-07 17:10:09 +00:00

361 lines
12 KiB
Diff
Raw Blame History

commit 8e2f54bcee7e3e8315d4a39a302eaf8e4389e07d
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Tue May 30 06:34:05 2017 -0700
Add bfd_get_file_size to get archive element size
We can't use stat() to get archive element size. Add bfd_get_file_size
to get size for both normal files and archive elements.
bfd/
PR binutils/21519
* bfdio.c (bfd_get_file_size): New function.
* bfd-in2.h: Regenerated.
binutils/
PR binutils/21519
* objdump.c (dump_relocs_in_section): Replace get_file_size
with bfd_get_file_size to get archive element size.
* testsuite/binutils-all/objdump.exp (test_objdump_f): New
proc.
(test_objdump_h): Likewise.
(test_objdump_t): Likewise.
(test_objdump_r): Likewise.
(test_objdump_s): Likewise.
Add objdump tests on archive.
Upstream-Status: Backport
CVE: CVE-2017-9955
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Index: git/bfd/bfd-in2.h
===================================================================
--- git.orig/bfd/bfd-in2.h 2017-09-21 20:09:13.475032861 +0530
+++ git/bfd/bfd-in2.h 2017-09-21 20:09:16.375051269 +0530
@@ -1208,6 +1208,8 @@
file_ptr bfd_get_size (bfd *abfd);
+file_ptr bfd_get_file_size (bfd *abfd);
+
void *bfd_mmap (bfd *abfd, void *addr, bfd_size_type len,
int prot, int flags, file_ptr offset,
void **map_addr, bfd_size_type *map_len);
Index: git/bfd/bfdio.c
===================================================================
--- git.orig/bfd/bfdio.c 2017-09-21 20:08:55.774919453 +0530
+++ git/bfd/bfdio.c 2017-09-21 20:09:16.375051269 +0530
@@ -434,6 +434,29 @@
return buf.st_size;
}
+/*
+FUNCTION
+ bfd_get_file_size
+
+SYNOPSIS
+ file_ptr bfd_get_file_size (bfd *abfd);
+
+DESCRIPTION
+ Return the file size (as read from file system) for the file
+ associated with BFD @var{abfd}. It supports both normal files
+ and archive elements.
+
+*/
+
+file_ptr
+bfd_get_file_size (bfd *abfd)
+{
+ if (abfd->my_archive != NULL
+ && !bfd_is_thin_archive (abfd->my_archive))
+ return arelt_size (abfd);
+
+ return bfd_get_size (abfd);
+}
/*
FUNCTION
Index: git/binutils/objdump.c
===================================================================
--- git.orig/binutils/objdump.c 2017-09-21 20:09:16.319050914 +0530
+++ git/binutils/objdump.c 2017-09-21 20:09:16.375051269 +0530
@@ -3240,7 +3240,7 @@
}
if ((bfd_get_file_flags (abfd) & (BFD_IN_MEMORY | BFD_LINKER_CREATED)) == 0
- && relsize > get_file_size (bfd_get_filename (abfd)))
+ && relsize > bfd_get_file_size (abfd))
{
printf (" (too many: 0x%x)\n", section->reloc_count);
bfd_set_error (bfd_error_file_truncated);
Index: git/binutils/testsuite/binutils-all/objdump.exp
===================================================================
--- git.orig/binutils/testsuite/binutils-all/objdump.exp 2017-09-21 20:08:55.982920797 +0530
+++ git/binutils/testsuite/binutils-all/objdump.exp 2017-09-21 20:09:16.375051269 +0530
@@ -64,96 +64,168 @@
if {![binutils_assemble $srcdir/$subdir/bintest.s tmpdir/bintest.o]} then {
return
}
+if {![binutils_assemble $srcdir/$subdir/bintest.s tmpdir/bintest2.o]} then {
+ return
+}
if [is_remote host] {
set testfile [remote_download host tmpdir/bintest.o]
+ set testfile2 [remote_download host tmpdir/bintest2.o]
} else {
set testfile tmpdir/bintest.o
+ set testfile2 tmpdir/bintest2.o
+}
+
+if { ![istarget "alpha-*-*"] || [is_elf_format] } then {
+ remote_file host file delete tmpdir/bintest.a
+ set got [binutils_run $AR "rc tmpdir/bintest.a $testfile2"]
+ if ![string match "" $got] then {
+ fail "bintest.a"
+ remote_file host delete tmpdir/bintest.a
+ } else {
+ if [is_remote host] {
+ set testarchive [remote_download host tmpdir/bintest.a]
+ } else {
+ set testarchive tmpdir/bintest.a
+ }
+ }
+ remote_file host delete tmpdir/bintest2.o
}
# Test objdump -f
-set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -f $testfile"]
+proc test_objdump_f { testfile dumpfile } {
+ global OBJDUMP
+ global OBJDUMPFLAGS
+ global cpus_regex
-set want "$testfile:\[ \]*file format.*architecture:\[ \]*${cpus_regex}.*HAS_RELOC.*HAS_SYMS"
+ set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -f $testfile"]
-if ![regexp $want $got] then {
- fail "objdump -f"
-} else {
- pass "objdump -f"
+ set want "$dumpfile:\[ \]*file format.*architecture:\[ \]*${cpus_regex}.*HAS_RELOC.*HAS_SYMS"
+
+ if ![regexp $want $got] then {
+ fail "objdump -f ($testfile, $dumpfile)"
+ } else {
+ pass "objdump -f ($testfile, $dumpfile)"
+ }
+}
+
+test_objdump_f $testfile $testfile
+if { [ remote_file host exists $testarchive ] } then {
+ test_objdump_f $testarchive bintest2.o
}
# Test objdump -h
-set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -h $testfile"]
+proc test_objdump_h { testfile dumpfile } {
+ global OBJDUMP
+ global OBJDUMPFLAGS
-set want "$testfile:\[ \]*file format.*Sections.*\[0-9\]+\[ \]+\[^ \]*(text|TEXT|P|\\\$CODE\\\$)\[^ \]*\[ \]*(\[0-9a-fA-F\]+).*\[0-9\]+\[ \]+\[^ \]*(\\.data|DATA|D_1)\[^ \]*\[ \]*(\[0-9a-fA-F\]+)"
+ set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -h $testfile"]
-if ![regexp $want $got all text_name text_size data_name data_size] then {
- fail "objdump -h"
-} else {
- verbose "text name is $text_name size is $text_size"
- verbose "data name is $data_name size is $data_size"
- set ets 8
- set eds 4
- # The [ti]c4x target has the property sizeof(char)=sizeof(long)=1
- if [istarget *c4x*-*-*] then {
- set ets 2
- set eds 1
- }
- # c54x section sizes are in bytes, not octets; adjust accordingly
- if [istarget *c54x*-*-*] then {
- set ets 4
- set eds 2
- }
- if {[expr "0x$text_size"] < $ets || [expr "0x$data_size"] < $eds} then {
- send_log "sizes too small\n"
- fail "objdump -h"
+ set want "$dumpfile:\[ \]*file format.*Sections.*\[0-9\]+\[ \]+\[^ \]*(text|TEXT|P|\\\$CODE\\\$)\[^ \]*\[ \]*(\[0-9a-fA-F\]+).*\[0-9\]+\[ \]+\[^ \]*(\\.data|DATA|D_1)\[^ \]*\[ \]*(\[0-9a-fA-F\]+)"
+
+ if ![regexp $want $got all text_name text_size data_name data_size] then {
+ fail "objdump -h ($testfile, $dumpfile)"
} else {
- pass "objdump -h"
+ verbose "text name is $text_name size is $text_size"
+ verbose "data name is $data_name size is $data_size"
+ set ets 8
+ set eds 4
+ # The [ti]c4x target has the property sizeof(char)=sizeof(long)=1
+ if [istarget *c4x*-*-*] then {
+ set ets 2
+ set eds 1
+ }
+ # c54x section sizes are in bytes, not octets; adjust accordingly
+ if [istarget *c54x*-*-*] then {
+ set ets 4
+ set eds 2
+ }
+ if {[expr "0x$text_size"] < $ets || [expr "0x$data_size"] < $eds} then {
+ send_log "sizes too small\n"
+ fail "objdump -h ($testfile, $dumpfile)"
+ } else {
+ pass "objdump -h ($testfile, $dumpfile)"
+ }
}
}
+test_objdump_h $testfile $testfile
+if { [ remote_file host exists $testarchive ] } then {
+ test_objdump_h $testarchive bintest2.o
+}
+
# Test objdump -t
-set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -t $testfile"]
+proc test_objdump_t { testfile} {
+ global OBJDUMP
+ global OBJDUMPFLAGS
+
+ set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -t $testfile"]
+
+ if [info exists vars] then { unset vars }
+ while {[regexp "(\[a-z\]*_symbol)(.*)" $got all symbol rest]} {
+ set vars($symbol) 1
+ set got $rest
+ }
-if [info exists vars] then { unset vars }
-while {[regexp "(\[a-z\]*_symbol)(.*)" $got all symbol rest]} {
- set vars($symbol) 1
- set got $rest
+ if {![info exists vars(text_symbol)] \
+ || ![info exists vars(data_symbol)] \
+ || ![info exists vars(common_symbol)] \
+ || ![info exists vars(external_symbol)]} then {
+ fail "objdump -t ($testfile)"
+ } else {
+ pass "objdump -t ($testfile)"
+ }
}
-if {![info exists vars(text_symbol)] \
- || ![info exists vars(data_symbol)] \
- || ![info exists vars(common_symbol)] \
- || ![info exists vars(external_symbol)]} then {
- fail "objdump -t"
-} else {
- pass "objdump -t"
+test_objdump_t $testfile
+if { [ remote_file host exists $testarchive ] } then {
+ test_objdump_t $testarchive
}
# Test objdump -r
-set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -r $testfile"]
+proc test_objdump_r { testfile dumpfile } {
+ global OBJDUMP
+ global OBJDUMPFLAGS
-set want "$testfile:\[ \]*file format.*RELOCATION RECORDS FOR \\\[\[^\]\]*(text|TEXT|P|\\\$CODE\\\$)\[^\]\]*\\\].*external_symbol"
+ set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -r $testfile"]
-if [regexp $want $got] then {
- pass "objdump -r"
-} else {
- fail "objdump -r"
+ set want "$dumpfile:\[ \]*file format.*RELOCATION RECORDS FOR \\\[\[^\]\]*(text|TEXT|P|\\\$CODE\\\$)\[^\]\]*\\\].*external_symbol"
+
+ if [regexp $want $got] then {
+ pass "objdump -r ($testfile, $dumpfile)"
+ } else {
+ fail "objdump -r ($testfile, $dumpfile)"
+ }
+}
+
+test_objdump_r $testfile $testfile
+if { [ remote_file host exists $testarchive ] } then {
+ test_objdump_r $testarchive bintest2.o
}
# Test objdump -s
-set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -s $testfile"]
+proc test_objdump_s { testfile dumpfile } {
+ global OBJDUMP
+ global OBJDUMPFLAGS
-set want "$testfile:\[ \]*file format.*Contents.*(text|TEXT|P|\\\$CODE\\\$)\[^0-9\]*\[ \]*\[0-9a-fA-F\]*\[ \]*(00000001|01000000|00000100).*Contents.*(data|DATA|D_1)\[^0-9\]*\[ \]*\[0-9a-fA-F\]*\[ \]*(00000002|02000000|00000200)"
+ set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -s $testfile"]
-if [regexp $want $got] then {
- pass "objdump -s"
-} else {
- fail "objdump -s"
+ set want "$dumpfile:\[ \]*file format.*Contents.*(text|TEXT|P|\\\$CODE\\\$)\[^0-9\]*\[ \]*\[0-9a-fA-F\]*\[ \]*(00000001|01000000|00000100).*Contents.*(data|DATA|D_1)\[^0-9\]*\[ \]*\[0-9a-fA-F\]*\[ \]*(00000002|02000000|00000200)"
+
+ if [regexp $want $got] then {
+ pass "objdump -s ($testfile, $dumpfile)"
+ } else {
+ fail "objdump -s ($testfile, $dumpfile)"
+ }
+}
+
+test_objdump_s $testfile $testfile
+if { [ remote_file host exists $testarchive ] } then {
+ test_objdump_s $testarchive bintest2.o
}
# Test objdump -s on a file that contains a compressed .debug section
Index: git/bfd/ChangeLog
===================================================================
--- git.orig/bfd/ChangeLog 2017-09-21 20:09:16.207050204 +0530
+++ git/bfd/ChangeLog 2017-09-21 20:13:41.504562787 +0530
@@ -158,6 +158,12 @@
(bfd_perform_relocation, bfd_install_relocation): Use it.
(_bfd_final_link_relocate): Likewise.
+2017-05-30 H.J. Lu <hongjiu.lu@intel.com>
+
+ PR binutils/21519
+ * bfdio.c (bfd_get_file_size): New function.
+ * bfd-in2.h: Regenerated.
+
2017-04-26 Nick Clifton <nickc@redhat.com>
PR binutils/21434
Index: git/binutils/ChangeLog
===================================================================
--- git.orig/binutils/ChangeLog 2017-09-21 20:09:16.319050914 +0530
+++ git/binutils/ChangeLog 2017-09-21 20:12:42.624252645 +0530
@@ -25,6 +25,19 @@
section size against file size, but instead use an arbitrary 2Gb
limit. Issue a warning message if the section is too big.
+2017-05-30 H.J. Lu <hongjiu.lu@intel.com>
+
+ PR binutils/21519
+ * objdump.c (dump_relocs_in_section): Replace get_file_size
+ with bfd_get_file_size to get archive element size.
+ * testsuite/binutils-all/objdump.exp (test_objdump_f): New
+ proc.
+ (test_objdump_h): Likewise.
+ (test_objdump_t): Likewise.
+ (test_objdump_r): Likewise.
+ (test_objdump_s): Likewise.
+ Add objdump tests on archive.
+
2017-05-02 Nick Clifton <nickc@redhat.com>
PR 21440
Reference in New Issue View Git Blame Copy Permalink