diff options
author | Thiruvadi Rajaraman <trajaraman@mvista.com> | 2017-11-08 12:38:06 +0530 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-01-07 17:09:48 +0000 |
commit | 51fc4c8d86bc7c567794305bcc08e5054e9e204a (patch) | |
tree | 258e0559013f75ece16d07ae88ed35cc23a0e776 | |
parent | a36978f0dd372ec836f63942f965652ca3716e3f (diff) | |
download | openembedded-core-contrib-51fc4c8d86bc7c567794305bcc08e5054e9e204a.tar.gz |
binutils: CVE-2017-14729
Source: binutils-gdb.git
MR: 76278
Type: Security Fix
Disposition: Backport from binutils-2_29
ChangeID: 05de8bcd22d8d0b54badcd3826cd370b3aed81de
Description:
x86: Guard against corrupted PLT
There should be only one entry in PLT for a given symbol. Set howto to
NULL after processing a PLT entry to guard against corrupted PLT so that
the duplicated PLT entries are skipped.
PR binutils/22170
Affects: <= 2.29
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.27.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-14729.patch | 45 |
2 files changed, 46 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc index b38a9583cf..b1669a4ef0 100644 --- a/meta/recipes-devtools/binutils/binutils-2.27.inc +++ b/meta/recipes-devtools/binutils/binutils-2.27.inc @@ -100,6 +100,7 @@ SRC_URI = "\ file://CVE-2017-9955_7.patch \ file://CVE-2017-9955_8.patch \ file://CVE-2017-9955_9.patch \ + file://CVE-2017-14729.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14729.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14729.patch new file mode 100644 index 0000000000..09d5143829 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14729.patch @@ -0,0 +1,45 @@ +commit 61e3bf5f83f7e505b6bc51ef65426e5b31e6e360 +Author: H.J. Lu <hjl.tools@gmail.com> +Date: Fri Sep 22 14:15:40 2017 -0700 + +x86: Guard against corrupted PLT + +There should be only one entry in PLT for a given symbol. Set howto to +NULL after processing a PLT entry to guard against corrupted PLT so that +the duplicated PLT entries are skipped. + +PR binutils/22170 + +Upstream-Status: Backport + +CVE: CVE-2017-14729 +Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> +Index: git/bfd/elf-ifunc.c +=================================================================== +--- git.orig/bfd/elf-ifunc.c 2017-11-08 12:34:22.063320490 +0530 ++++ git/bfd/elf-ifunc.c 2017-11-08 12:34:29.995404891 +0530 +@@ -473,6 +473,10 @@ + memcpy (names, "@plt", sizeof ("@plt")); + names += sizeof ("@plt"); + ++s, ++n; ++ /* There should be only one entry in PLT for a given ++ symbol. Set howto to NULL after processing a PLT ++ entry to guard against corrupted PLT. */ ++ p->howto = NULL; + } + + free (plt_sym_val); +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog 2017-11-08 12:34:29.939404297 +0530 ++++ git/bfd/ChangeLog 2017-11-08 12:35:55.660271599 +0530 +@@ -1,3 +1,9 @@ ++2017-09-22 H.J. Lu <hongjiu.lu@intel.com> ++ ++ PR binutils/22170 ++ * elf-ifunc.c (elf_get_synthetic_symtab): Guard against ++ corrupted PLT. ++ + 2017-07-27 Nick Clifton <nickc@redhat.com> + + PR 21840 |