diff options
author | Thiruvadi Rajaraman <trajaraman@mvista.com> | 2017-09-04 16:47:25 +0530 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-01-07 17:09:45 +0000 |
commit | fcadfc35ebe90d3f0f3aa0db8caeddb5c07c3120 (patch) | |
tree | af866f446ff6a69993f4e4e5780a1caaf2fc9edf | |
parent | ef1a98976886560396a514458edb80a21f09b808 (diff) | |
download | openembedded-core-fcadfc35ebe90d3f0f3aa0db8caeddb5c07c3120.tar.gz |
binutils: CVE-2017-7304
Source: git://sourceware.org/git/binutils-gdb.git
MR: 74192
Type: Security Fix
Disposition: Backport from binutils-2_28-branch
ChangeID: 9a4c249becded1b479c0b9e9f175aebb80294317
Description:
Fix seg-fault in strip when copying a corrupt binary.
PR binutils/20931
* elf.c (copy_special_section_fields): Check for an invalid
sh_link field before attempting to follow it.
Affects: <= 2.28
Author: Nick Clifton <nickc@redhat.com>
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.27.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-7304.patch | 53 |
2 files changed, 54 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc index b60aa8a69d..d1ad198c57 100644 --- a/meta/recipes-devtools/binutils/binutils-2.27.inc +++ b/meta/recipes-devtools/binutils/binutils-2.27.inc @@ -66,6 +66,7 @@ SRC_URI = "\ file://CVE-2017-7301.patch \ file://CVE-2017-7302.patch \ file://CVE-2017-7303.patch \ + file://CVE-2017-7304.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7304.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7304.patch new file mode 100644 index 0000000000..817a3f0176 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7304.patch @@ -0,0 +1,53 @@ +commit 4f3ca05b487e9755018b4c9a053a2e6c35d8a7df +Author: Nick Clifton <nickc@redhat.com> +Date: Tue Dec 6 16:53:57 2016 +0000 + + Fix seg-fault in strip when copying a corrupt binary. + + PR binutils/20931 + * elf.c (copy_special_section_fields): Check for an invalid + sh_link field before attempting to follow it. + +Upstream-Status: Backport + +CVE: CVE-2017-7304 +Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> + +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog 2017-09-04 16:13:03.512095249 +0530 ++++ git/bfd/ChangeLog 2017-09-04 16:16:25.173745111 +0530 +@@ -114,6 +114,12 @@ + (bfd_elf_final_link): Only initialize the extended symbol index + section if there are extended symbol tables to list. + ++ 2016-12-06 Nick Clifton <nickc@redhat.com> ++ ++ PR binutils/20931 ++ * elf.c (copy_special_section_fields): Check for an invalid ++ sh_link field before attempting to follow it. ++ + 2016-12-05 Nick Clifton <nickc@redhat.com> + + PR binutils/20905 +Index: git/bfd/elf.c +=================================================================== +--- git.orig/bfd/elf.c 2017-09-04 16:13:03.512095249 +0530 ++++ git/bfd/elf.c 2017-09-04 16:15:38.257359045 +0530 +@@ -1324,6 +1324,16 @@ + in the input bfd. */ + if (iheader->sh_link != SHN_UNDEF) + { ++ /* See PR 20931 for a reproducer. */ ++ if (iheader->sh_link >= elf_numsections (ibfd)) ++ { ++ (* _bfd_error_handler) ++ /* xgettext:c-format */ ++ (_("%B: Invalid sh_link field (%d) in section number %d"), ++ ibfd, iheader->sh_link, secnum); ++ return FALSE; ++ } ++ + sh_link = find_link (obfd, iheaders[iheader->sh_link], iheader->sh_link); + if (sh_link != SHN_UNDEF) + { |