summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/elfutils/files/0001-libdwfl-Sanity-check-partial-core-file-data-reads.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-devtools/elfutils/files/0001-libdwfl-Sanity-check-partial-core-file-data-reads.patch')
-rw-r--r--meta/recipes-devtools/elfutils/files/0001-libdwfl-Sanity-check-partial-core-file-data-reads.patch60
1 files changed, 60 insertions, 0 deletions
diff --git a/meta/recipes-devtools/elfutils/files/0001-libdwfl-Sanity-check-partial-core-file-data-reads.patch b/meta/recipes-devtools/elfutils/files/0001-libdwfl-Sanity-check-partial-core-file-data-reads.patch
new file mode 100644
index 0000000000..2c74a8d5d7
--- /dev/null
+++ b/meta/recipes-devtools/elfutils/files/0001-libdwfl-Sanity-check-partial-core-file-data-reads.patch
@@ -0,0 +1,60 @@
+From 8cbb2f8de89d65ca52d4242f213a6206b48d2c8d Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Fri, 2 Nov 2018 14:22:31 +0800
+Subject: [PATCH] libdwfl: Sanity check partial core file data reads.
+
+There were two issues when reading note data from a core file.
+We didn't check if the data we already had in a buffer was big
+enough. And if we did get the data, we should check if we got
+everything, or just a part of the data.
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=23752
+
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+
+CVE: CVE-2018-18310
+Upstream-Status: Backport [http://sourceware.org/git/elfutils.git]
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ libdwfl/dwfl_segment_report_module.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/libdwfl/dwfl_segment_report_module.c b/libdwfl/dwfl_segment_report_module.c
+index 36e5c82..8749884 100644
+--- a/libdwfl/dwfl_segment_report_module.c
++++ b/libdwfl/dwfl_segment_report_module.c
+@@ -1,5 +1,5 @@
+ /* Sniff out modules from ELF headers visible in memory segments.
+- Copyright (C) 2008-2012, 2014, 2015 Red Hat, Inc.
++ Copyright (C) 2008-2012, 2014, 2015, 2018 Red Hat, Inc.
+ This file is part of elfutils.
+
+ This file is free software; you can redistribute it and/or modify
+@@ -301,7 +301,10 @@ dwfl_segment_report_module (Dwfl *dwfl, int ndx, const char *name,
+ inline bool read_portion (void **data, size_t *data_size,
+ GElf_Addr vaddr, size_t filesz)
+ {
+- if (vaddr - start + filesz > buffer_available
++ /* Check whether we will have to read the segment data, or if it
++ can be returned from the existing buffer. */
++ if (filesz > buffer_available
++ || vaddr - start > buffer_available - filesz
+ /* If we're in string mode, then don't consider the buffer we have
+ sufficient unless it contains the terminator of the string. */
+ || (filesz == 0 && memchr (vaddr - start + buffer, '\0',
+@@ -459,6 +462,12 @@ dwfl_segment_report_module (Dwfl *dwfl, int ndx, const char *name,
+ if (read_portion (&data, &data_size, vaddr, filesz))
+ return;
+
++ /* data_size will be zero if we got everything from the initial
++ buffer, otherwise it will be the size of the new buffer that
++ could be read. */
++ if (data_size != 0)
++ filesz = data_size;
++
+ assert (sizeof (Elf32_Nhdr) == sizeof (Elf64_Nhdr));
+
+ void *notes;
+--
+2.7.4
+