mirror of
https://git.yoctoproject.org/poky
synced 2026-02-23 18:09:40 +01:00
2d699f84a3
CVE: CVE-2019-7664.patch CVE: CVE-2019-7665.patch Sign off: Shubham Agrawal <shuagr@microsoft.com> (From OE-Core rev: 8ca80002aa21897834b8c9869137461221e50225) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
66 lines
2.2 KiB
Diff
66 lines
2.2 KiB
Diff
From 3ed05376e7b2c96c1d6eb24d2842cc25b79a4f07 Mon Sep 17 00:00:00 2001
|
|
From: Mark Wielaard <mark@klomp.org>
|
|
Date: Wed, 16 Jan 2019 12:25:57 +0100
|
|
Subject: [PATCH] CVE: CVE-2019-7664
|
|
|
|
Upstream-Status: Backport
|
|
libelf: Correct overflow check in note_xlate.
|
|
|
|
We want to make sure the note_len doesn't overflow and becomes shorter
|
|
than the note header. But the namesz and descsz checks got the note header
|
|
size wrong). Replace the wrong constant (8) with a sizeof cvt_Nhdr (12).
|
|
|
|
https://sourceware.org/bugzilla/show_bug.cgi?id=24084
|
|
|
|
Signed-off-by: Mark Wielaard <mark@klomp.org>
|
|
Signed-off-by: Ubuntu <lisa@shuagr-yocto-build.mdn4q2lr1oauhmizmzsslly3ad.xx.internal.cloudapp.net>
|
|
---
|
|
libelf/ChangeLog | 13 +++++++++++++
|
|
libelf/note_xlate.h | 4 ++--
|
|
2 files changed, 15 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/libelf/ChangeLog b/libelf/ChangeLog
|
|
index 68c4fbd..892e6e7 100644
|
|
--- a/libelf/ChangeLog
|
|
+++ b/libelf/ChangeLog
|
|
@@ -1,3 +1,16 @@
|
|
+<<<<<<< HEAD
|
|
+=======
|
|
+2019-01-16 Mark Wielaard <mark@klomp.org>
|
|
+
|
|
+ * note_xlate.h (elf_cvt_note): Check n_namesz and n_descsz don't
|
|
+ overflow note_len into note header.
|
|
+
|
|
+2018-11-17 Mark Wielaard <mark@klomp.org>
|
|
+
|
|
+ * elf32_updatefile.c (updatemmap): Make sure to call convert
|
|
+ function on a properly aligned destination.
|
|
+
|
|
+>>>>>>> e65d91d... libelf: Correct overflow check in note_xlate.
|
|
2018-11-16 Mark Wielaard <mark@klomp.org>
|
|
|
|
* libebl.h (__elf32_msize): Mark with const attribute.
|
|
diff --git a/libelf/note_xlate.h b/libelf/note_xlate.h
|
|
index 9bdc3e2..bc9950f 100644
|
|
--- a/libelf/note_xlate.h
|
|
+++ b/libelf/note_xlate.h
|
|
@@ -46,13 +46,13 @@ elf_cvt_note (void *dest, const void *src, size_t len, int encode,
|
|
/* desc needs to be aligned. */
|
|
note_len += n->n_namesz;
|
|
note_len = nhdr8 ? NOTE_ALIGN8 (note_len) : NOTE_ALIGN4 (note_len);
|
|
- if (note_len > len || note_len < 8)
|
|
+ if (note_len > len || note_len < sizeof *n)
|
|
break;
|
|
|
|
/* data as a whole needs to be aligned. */
|
|
note_len += n->n_descsz;
|
|
note_len = nhdr8 ? NOTE_ALIGN8 (note_len) : NOTE_ALIGN4 (note_len);
|
|
- if (note_len > len || note_len < 8)
|
|
+ if (note_len > len || note_len < sizeof *n)
|
|
break;
|
|
|
|
/* Copy or skip the note data. */
|
|
--
|
|
2.7.4
|
|
|