diff options
| author |   Thiruvadi Rajaraman <trajaraman@mvista.com> | 2017-09-04 16:44:08 +0530 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-01-07 17:09:45 +0000 |
| commit | ef1a98976886560396a514458edb80a21f09b808 (patch) | |
| tree | 3bd160640f3e60fce768b5f1904ec6b6907efa6e /meta/recipes-devtools | |
| parent | dbe4c78bee0ed36fc8789f1a13678be1b8c0bcf5 (diff) | |
| download | openembedded-core-ef1a98976886560396a514458edb80a21f09b808.tar.gz | |
binutils: CVE-2017-7303
Source: git://sourceware.org/git/binutils-gdb.git
MR: 74205
Type: Security Fix
Disposition: Backport from binutils-2_28-branch
ChangeID: db5bfb63661d39846c3b03353e1383c621759d48
Description:
Fix seg-fault attempting to strip a corrupt binary.
PR binutils/20922
* elf.c (find_link): Check for null headers before attempting to
match them.
Affects: <= 2.28
Author: Nick Clifton <nickc@redhat.com>
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta/recipes-devtools')
| -rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.27.inc | 1 | ||||
| -rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-7303.patch | 55 |
2 files changed, 56 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc index 936cdc3c98..b60aa8a69d 100644 --- a/meta/recipes-devtools/binutils/binutils-2.27.inc +++ b/meta/recipes-devtools/binutils/binutils-2.27.inc @@ -65,6 +65,7 @@ SRC_URI = "\ file://CVE-2017-7227.patch \ file://CVE-2017-7301.patch \ file://CVE-2017-7302.patch \ + file://CVE-2017-7303.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7303.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7303.patch new file mode 100644 index 0000000000..59a3b17461 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7303.patch @@ -0,0 +1,55 @@ +commit a55c9876bb111fd301b4762cf501de0040b8f9db +Author: Nick Clifton <nickc@redhat.com> +Date: Mon Dec 5 13:35:50 2016 +0000 + + Fix seg-fault attempting to strip a corrupt binary. + + PR binutils/20922 + * elf.c (find_link): Check for null headers before attempting to + match them. + +Upstream-Status: Backport + +CVE: CVE-2017-7303 +Signed-off-by: Thiruvadi Rajaraman <tarjaraman@mvista.com> + +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog 2017-09-04 16:06:08.996688391 +0530 ++++ git/bfd/ChangeLog 2017-09-04 16:09:26.810320541 +0530 +@@ -124,6 +124,10 @@ + (aout_link_add_symbols): Fix off by one error checking for + overflow of string offset. + ++ PR binutils/20922 ++ * elf.c (find_link): Check for null headers before attempting to ++ match them. ++ + PR binutils/20921 + * aoutx.h (squirt_out_relocs): Check for and report any relocs + that could not be recognised. +Index: git/bfd/elf.c +=================================================================== +--- git.orig/bfd/elf.c 2017-09-04 16:05:55.612577527 +0530 ++++ git/bfd/elf.c 2017-09-04 16:08:35.709900050 +0530 +@@ -1249,13 +1249,19 @@ + Elf_Internal_Shdr ** oheaders = elf_elfsections (obfd); + unsigned int i; + +- if (section_match (oheaders[hint], iheader)) ++ BFD_ASSERT (iheader != NULL); ++ ++ /* See PR 20922 for a reproducer of the NULL test. */ ++ if (oheaders[hint] != NULL ++ && section_match (oheaders[hint], iheader)) + return hint; + + for (i = 1; i < elf_numsections (obfd); i++) + { + Elf_Internal_Shdr * oheader = oheaders[i]; + ++ if (oheader == NULL) ++ continue; + if (section_match (oheader, iheader)) + /* FIXME: Do we care if there is a potential for + multiple matches ? */ |