diff options
| author |   Armin Kuster <akuster@mvista.com> | 2018-08-08 13:07:41 -0700 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-08-15 10:22:30 +0100 |
| commit | 52a93bb4c5b5128ff3fa8be84c41309cfeff8224 (patch) | |
| tree | 0c6f8d7386166b5ffe6a32ee40380530489d3d91 | |
| parent | 64afab325facc55f4a49247e4033b1d3c8b22b67 (diff) | |
| download | openembedded-core-contrib-52a93bb4c5b5128ff3fa8be84c41309cfeff8224.tar.gz | |
Binutils: Security fix for CVE-2018-6323
Affected: <= 2.29.1
Signed-off-by: Armin Kuster <akuster@mvista.com>
| -rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.29.1.inc | 1 | ||||
| -rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2018-6323.patch | 55 |
2 files changed, 56 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.29.1.inc b/meta/recipes-devtools/binutils/binutils-2.29.1.inc index 2f9b4fee02..db7305a954 100644 --- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc +++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc @@ -70,6 +70,7 @@ SRC_URI = "\ file://CVE-2018-10534.patch \ file://CVE-2018-10535.patch \ file://CVE-2018-13033.patch \ + file://CVE-2018-6323.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-6323.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-6323.patch new file mode 100644 index 0000000000..2c6b1b2427 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-6323.patch @@ -0,0 +1,55 @@ +From 38e64b0ecc7f4ee64a02514b8d532782ac057fa2 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Thu, 25 Jan 2018 21:47:41 +1030 +Subject: [PATCH] PR22746, crash when running 32-bit objdump on corrupted file + +Avoid unsigned int overflow by performing bfd_size_type multiplication. + + PR 22746 + * elfcode.h (elf_object_p): Avoid integer overflow. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2018-6323 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 5 +++++ + bfd/elfcode.h | 4 ++-- + 2 files changed, 7 insertions(+), 2 deletions(-) + +Index: git/bfd/elfcode.h +=================================================================== +--- git.orig/bfd/elfcode.h ++++ git/bfd/elfcode.h +@@ -680,7 +680,7 @@ elf_object_p (bfd *abfd) + if (i_ehdrp->e_shnum > ((bfd_size_type) -1) / sizeof (*i_shdrp)) + goto got_wrong_format_error; + #endif +- amt = sizeof (*i_shdrp) * i_ehdrp->e_shnum; ++ amt = sizeof (*i_shdrp) * (bfd_size_type) i_ehdrp->e_shnum; + i_shdrp = (Elf_Internal_Shdr *) bfd_alloc (abfd, amt); + if (!i_shdrp) + goto got_no_match; +@@ -776,7 +776,7 @@ elf_object_p (bfd *abfd) + if (i_ehdrp->e_phnum > ((bfd_size_type) -1) / sizeof (*i_phdr)) + goto got_wrong_format_error; + #endif +- amt = i_ehdrp->e_phnum * sizeof (*i_phdr); ++ amt = (bfd_size_type) i_ehdrp->e_phnum * sizeof (*i_phdr); + elf_tdata (abfd)->phdr = (Elf_Internal_Phdr *) bfd_alloc (abfd, amt); + if (elf_tdata (abfd)->phdr == NULL) + goto got_no_match; +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,8 @@ ++2018-01-25 Alan Modra <amodra@gmail.com> ++ ++ PR 22746 ++ * elfcode.h (elf_object_p): Avoid integer overflow. ++ + 2018-05-08 Nick Clifton <nickc@redhat.com> + + PR 22809 |