diff options
| author |   Yuanjie Huang <yuanjie.huang@windriver.com> | 2017-05-25 19:40:40 -0700 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-05-30 10:14:32 +0100 |
| commit | 2df642ca0a1e4a4e6616729018cf32d2108cabb2 (patch) | |
| tree | 460c8680d69464c4ae29033c601b4143646815cd | |
| parent | 5266e74c990df1cf965d162d9695eb5a698883ae (diff) | |
| download | openembedded-core-contrib-2df642ca0a1e4a4e6616729018cf32d2108cabb2.tar.gz | |
binutils: fix CVE-2017-7209 in readelf
CVE: CVE-2017-7209
[BZ 21135] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21135
PR binutils/21135: Fix invalid read of section contents whilst processing
a corrupt binary.
Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.28.inc | 1 | ||||
| -rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-7209.patch | 62 |
2 files changed, 63 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc b/meta/recipes-devtools/binutils/binutils-2.28.inc index 75eca32b24..ed571b39e8 100644 --- a/meta/recipes-devtools/binutils/binutils-2.28.inc +++ b/meta/recipes-devtools/binutils/binutils-2.28.inc @@ -41,6 +41,7 @@ SRC_URI = "\ file://0018-PR-21409-segfault-in-_bfd_dwarf2_find_nearest_line.patch \ file://CVE-2017-6969.patch \ file://CVE-2017-6969_2.patch \ + file://CVE-2017-7209.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7209.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7209.patch new file mode 100644 index 0000000000..2357a12836 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7209.patch @@ -0,0 +1,62 @@ +From b2706ceadac7239e7b02d43f05100fc6538b0d65 Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Mon, 13 Feb 2017 15:04:37 +0000 +Subject: Fix invalid read of section contents whilst processing a corrupt binary. + + PR binutils/21135 + * readelf.c (dump_section_as_bytes): Handle the case where + uncompress_section_contents returns false. + +CVE: CVE-2017-7209 +Upstream-Status: Backport[master] + +Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com> +--- + binutils/ChangeLog | 6 ++++++ + binutils/readelf.c | 16 ++++++++++++---- + 2 files changed, 18 insertions(+), 4 deletions(-) + +diff --git a/binutils/ChangeLog b/binutils/ChangeLog +index 53352c1801..cf92744c12 100644 +--- a/binutils/ChangeLog ++++ b/binutils/ChangeLog +@@ -1,3 +1,9 @@ ++2017-02-13 Nick Clifton <nickc@redhat.com> ++ ++ PR binutils/21135 ++ * readelf.c (dump_section_as_bytes): Handle the case where ++ uncompress_section_contents returns false. ++ + 2017-02-20 Nick Clifton <nickc@redhat.com> + + PR binutils/21156 +diff --git a/binutils/readelf.c b/binutils/readelf.c +index 4960491c5c..f0e7b080e8 100644 +--- a/binutils/readelf.c ++++ b/binutils/readelf.c +@@ -12803,10 +12803,18 @@ dump_section_as_bytes (Elf_Internal_Shdr * section, + new_size -= 12; + } + +- if (uncompressed_size +- && uncompress_section_contents (& start, uncompressed_size, +- & new_size)) +- section_size = new_size; ++ if (uncompressed_size) ++ { ++ if (uncompress_section_contents (& start, uncompressed_size, ++ & new_size)) ++ section_size = new_size; ++ else ++ { ++ error (_("Unable to decompress section %s\n"), ++ printable_section_name (section)); ++ return; ++ } ++ } + } + + if (relocate) +-- +2.11.0 + |