diff options
| author |   Yuanjie Huang <Yuanjie.Huang@windriver.com> | 2017-05-31 01:37:58 -0700 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-08-29 15:11:36 +0100 |
| commit | fd7a91e2a6db1fb806c57c137f72efcffbf1f26b (patch) | |
| tree | 1911988f08c9ce00181bd4d2bb26dc58cd131a5d /meta | |
| parent | 565d4b9432c898e4483f392a91f4b4aaebb4b184 (diff) | |
| download | openembedded-core-contrib-fd7a91e2a6db1fb806c57c137f72efcffbf1f26b.tar.gz | |
binutils: fix CVE-2017-7209 in readelf
CVE: CVE-2017-7209
[BZ 21135] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21135
PR binutils/21135: Fix invalid read of section contents whilst
processing
a corrupt binary.
Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta')
| -rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.27.inc | 1 | ||||
| -rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-7209.patch | 63 |
2 files changed, 64 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc index d32ce25dd5..5dca05e898 100644 --- a/meta/recipes-devtools/binutils/binutils-2.27.inc +++ b/meta/recipes-devtools/binutils/binutils-2.27.inc @@ -43,6 +43,7 @@ SRC_URI = "\ file://CVE-2017-6966.patch \ file://CVE-2017-6969.patch \ file://CVE-2017-6969_2.patch \ + file://CVE-2017-7209.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7209.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7209.patch new file mode 100644 index 0000000000..336d72cfe0 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7209.patch @@ -0,0 +1,63 @@ +From 6e5e9d96b5bd7dc3147db9917d6a7a20682915cc Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Mon, 13 Feb 2017 15:04:37 +0000 +Subject: Fix invalid read of section contents whilst processing a corrupt + binary. + + PR binutils/21135 + * readelf.c (dump_section_as_bytes): Handle the case where + uncompress_section_contents returns false. + +CVE: CVE-2017-7209 +Upstream-Status: Backport[master] + +Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com> +--- + binutils/ChangeLog | 6 ++++++ + binutils/readelf.c | 16 ++++++++++++---- + 2 files changed, 18 insertions(+), 4 deletions(-) + +diff --git a/binutils/ChangeLog b/binutils/ChangeLog +index 55d2f8ba40..c4d8e60eca 100644 +--- a/binutils/ChangeLog ++++ b/binutils/ChangeLog +@@ -1,3 +1,9 @@ ++2017-02-13 Nick Clifton <nickc@redhat.com> ++ ++ PR binutils/21135 ++ * readelf.c (dump_section_as_bytes): Handle the case where ++ uncompress_section_contents returns false. ++ + 2017-02-20 Nick Clifton <nickc@redhat.com> + + PR binutils/21156 +diff --git a/binutils/readelf.c b/binutils/readelf.c +index 7f7365dbc5..bc4e92fa81 100644 +--- a/binutils/readelf.c ++++ b/binutils/readelf.c +@@ -12473,10 +12473,18 @@ dump_section_as_bytes (Elf_Internal_Shdr * section, + new_size -= 12; + } + +- if (uncompressed_size +- && uncompress_section_contents (& start, uncompressed_size, +- & new_size)) +- section_size = new_size; ++ if (uncompressed_size) ++ { ++ if (uncompress_section_contents (& start, uncompressed_size, ++ & new_size)) ++ section_size = new_size; ++ else ++ { ++ error (_("Unable to decompress section %s\n"), ++ printable_section_name (section)); ++ return; ++ } ++ } + } + + if (relocate) +-- +2.11.0 + |