diff options
| author |   Armin Kuster <akuster@mvista.com> | 2018-08-05 22:05:12 -0700 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-08-06 16:23:55 +0100 |
| commit | 832316491aab8b90719cefeba2bfd94cef04b80f (patch) | |
| tree | 5c9d6441e549a0c9c41107ae8f7eb30f354199bb /meta/recipes-devtools | |
| parent | 3c83b9be884015e238249c0382299aedf4d81459 (diff) | |
| download | openembedded-core-contrib-832316491aab8b90719cefeba2bfd94cef04b80f.tar.gz | |
binutls: Security fix CVE-2018-10372
Affects <= 2.30
Signed-off-by: Armin Kuster <akuster@mvista.com>
Diffstat (limited to 'meta/recipes-devtools')
| -rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.30.inc | 1 | ||||
| -rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2018-10372.patch | 58 |
2 files changed, 59 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.30.inc b/meta/recipes-devtools/binutils/binutils-2.30.inc index 7b1705e8eb..8693757e18 100644 --- a/meta/recipes-devtools/binutils/binutils-2.30.inc +++ b/meta/recipes-devtools/binutils/binutils-2.30.inc @@ -44,6 +44,7 @@ SRC_URI = "\ file://CVE-2018-7569.patch \ file://CVE-2018-7568.patch \ file://CVE-2018-10373.patch \ + file://CVE-2018-10372.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-10372.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-10372.patch new file mode 100644 index 0000000000..053e9d8d64 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-10372.patch @@ -0,0 +1,58 @@ +From 6aea08d9f3e3d6475a65454da488a0c51f5dc97d Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Tue, 17 Apr 2018 12:35:55 +0100 +Subject: [PATCH] Fix illegal memory access when parsing corrupt DWARF + information. + + PR 23064 + * dwarf.c (process_cu_tu_index): Test for a potential buffer + overrun before copying signature pointer. + +Upstream-Status: Backport +Affects: Binutils <= 2.30 +CVE: CVE-2018-10372 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + binutils/ChangeLog | 6 ++++++ + binutils/dwarf.c | 13 ++++++++++++- + 2 files changed, 18 insertions(+), 1 deletion(-) + +Index: git/binutils/dwarf.c +=================================================================== +--- git.orig/binutils/dwarf.c ++++ git/binutils/dwarf.c +@@ -9252,7 +9252,18 @@ process_cu_tu_index (struct dwarf_sectio + } + + if (!do_display) +- memcpy (&this_set[row - 1].signature, ph, sizeof (uint64_t)); ++ { ++ size_t num_copy = sizeof (uint64_t); ++ ++ /* PR 23064: Beware of buffer overflow. */ ++ if (ph + num_copy < limit) ++ memcpy (&this_set[row - 1].signature, ph, num_copy); ++ else ++ { ++ warn (_("Signature (%p) extends beyond end of space in section\n"), ph); ++ return 0; ++ } ++ } + + prow = poffsets + (row - 1) * ncols * 4; + /* PR 17531: file: b8ce60a8. */ +Index: git/binutils/ChangeLog +=================================================================== +--- git.orig/binutils/ChangeLog ++++ git/binutils/ChangeLog +@@ -1,3 +1,9 @@ ++2018-04-17 Nick Clifton <nickc@redhat.com> ++ ++ PR 23064 ++ * dwarf.c (process_cu_tu_index): Test for a potential buffer ++ overrun before copying signature pointer. ++ + 2018-01-27 Nick Clifton <nickc@redhat.com> + + Back to development. |