aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorThiruvadi Rajaraman <trajaraman@mvista.com>2017-11-08 12:38:06 +0530
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-01-07 17:09:48 +0000
commit51fc4c8d86bc7c567794305bcc08e5054e9e204a (patch)
tree258e0559013f75ece16d07ae88ed35cc23a0e776
parenta36978f0dd372ec836f63942f965652ca3716e3f (diff)
downloadopenembedded-core-contrib-51fc4c8d86bc7c567794305bcc08e5054e9e204a.tar.gz
binutils: CVE-2017-14729
Source: binutils-gdb.git MR: 76278 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: 05de8bcd22d8d0b54badcd3826cd370b3aed81de Description: x86: Guard against corrupted PLT There should be only one entry in PLT for a given symbol. Set howto to NULL after processing a PLT entry to guard against corrupted PLT so that the duplicated PLT entries are skipped. PR binutils/22170 Affects: <= 2.29 Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r--meta/recipes-devtools/binutils/binutils-2.27.inc1
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-14729.patch45
2 files changed, 46 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc
index b38a9583cf..b1669a4ef0 100644
--- a/meta/recipes-devtools/binutils/binutils-2.27.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -100,6 +100,7 @@ SRC_URI = "\
file://CVE-2017-9955_7.patch \
file://CVE-2017-9955_8.patch \
file://CVE-2017-9955_9.patch \
+ file://CVE-2017-14729.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14729.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14729.patch
new file mode 100644
index 0000000000..09d5143829
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14729.patch
@@ -0,0 +1,45 @@
+commit 61e3bf5f83f7e505b6bc51ef65426e5b31e6e360
+Author: H.J. Lu <hjl.tools@gmail.com>
+Date: Fri Sep 22 14:15:40 2017 -0700
+
+x86: Guard against corrupted PLT
+
+There should be only one entry in PLT for a given symbol. Set howto to
+NULL after processing a PLT entry to guard against corrupted PLT so that
+the duplicated PLT entries are skipped.
+
+PR binutils/22170
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-14729
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+Index: git/bfd/elf-ifunc.c
+===================================================================
+--- git.orig/bfd/elf-ifunc.c 2017-11-08 12:34:22.063320490 +0530
++++ git/bfd/elf-ifunc.c 2017-11-08 12:34:29.995404891 +0530
+@@ -473,6 +473,10 @@
+ memcpy (names, "@plt", sizeof ("@plt"));
+ names += sizeof ("@plt");
+ ++s, ++n;
++ /* There should be only one entry in PLT for a given
++ symbol. Set howto to NULL after processing a PLT
++ entry to guard against corrupted PLT. */
++ p->howto = NULL;
+ }
+
+ free (plt_sym_val);
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-11-08 12:34:29.939404297 +0530
++++ git/bfd/ChangeLog 2017-11-08 12:35:55.660271599 +0530
+@@ -1,3 +1,9 @@
++2017-09-22 H.J. Lu <hongjiu.lu@intel.com>
++
++ PR binutils/22170
++ * elf-ifunc.c (elf_get_synthetic_symtab): Guard against
++ corrupted PLT.
++
+ 2017-07-27 Nick Clifton <nickc@redhat.com>
+
+ PR 21840