diff options
author | Armin Kuster <akuster@mvista.com> | 2018-08-08 11:47:09 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-08-15 10:22:30 +0100 |
commit | 5fc41ff3341074497a1359969baf880d8035826b (patch) | |
tree | cfda76f345df67d85cc6e9061f967e364dba52e2 | |
parent | 7934bbc460009f52824e142273f2ecce957fc123 (diff) | |
download | openembedded-core-5fc41ff3341074497a1359969baf880d8035826b.tar.gz |
Binutils: Security fix for CVE-2018-10535
Affects: <= 2.30
Signed-off-by: Armin Kuster <akuster@mvista.com>
-rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.29.1.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2018-10535.patch | 63 |
2 files changed, 64 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.29.1.inc b/meta/recipes-devtools/binutils/binutils-2.29.1.inc index ab6174559d..4d9983b984 100644 --- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc +++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc @@ -68,6 +68,7 @@ SRC_URI = "\ file://CVE-2018-10372.patch \ file://CVE-2018-10373.patch \ file://CVE-2018-10534.patch \ + file://CVE-2018-10535.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-10535.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-10535.patch new file mode 100644 index 0000000000..29b834337e --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-10535.patch @@ -0,0 +1,63 @@ +From db0c309f4011ca94a4abc8458e27f3734dab92ac Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Tue, 24 Apr 2018 16:57:04 +0100 +Subject: [PATCH] Fix an illegal memory access when trying to copy an ELF + binary with corrupt section symbols. + + PR 23113 + * elf.c (ignore_section_sym): Check for the output_section pointer + being NULL before dereferencing it. + +Upstream-Status: Backport +Affects: <= 2.30 +CVE: CVE-2018-10535 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 4 ++++ + bfd/elf.c | 9 ++++++++- + 2 files changed, 12 insertions(+), 1 deletion(-) + +Index: git/bfd/elf.c +=================================================================== +--- git.orig/bfd/elf.c ++++ git/bfd/elf.c +@@ -3994,15 +3994,22 @@ ignore_section_sym (bfd *abfd, asymbol * + { + elf_symbol_type *type_ptr; + ++ if (sym == NULL) ++ return FALSE; ++ + if ((sym->flags & BSF_SECTION_SYM) == 0) + return FALSE; + ++ if (sym->section == NULL) ++ return TRUE; ++ + type_ptr = elf_symbol_from (abfd, sym); + return ((type_ptr != NULL + && type_ptr->internal_elf_sym.st_shndx != 0 + && bfd_is_abs_section (sym->section)) + || !(sym->section->owner == abfd +- || (sym->section->output_section->owner == abfd ++ || (sym->section->output_section != NULL ++ && sym->section->output_section->owner == abfd + && sym->section->output_offset == 0) + || bfd_is_abs_section (sym->section))); + } +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,4 +1,10 @@ + 2018-04-24 Nick Clifton <nickc@redhat.com> ++ ++ PR 23113 ++ * elf.c (ignore_section_sym): Check for the output_section pointer ++ being NULL before dereferencing it. ++ ++2018-04-24 Nick Clifton <nickc@redhat.com> + + PR 23110 + * peXXigen.c (_bfd_XX_bfd_copy_private_bfd_data_common): Check for |