aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/binutils/binutils/CVE-2018-20623.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/CVE-2018-20623.patch')
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2018-20623.patch74
1 files changed, 74 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-20623.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-20623.patch
new file mode 100644
index 00000000000..b44d448fce5
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-20623.patch
@@ -0,0 +1,74 @@
+From 90cce28d4b59f86366d4f562d01a8d439d514234 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 9 Jan 2019 12:25:16 +0000
+Subject: [PATCH] Fix a heap use after free memory access fault when displaying
+ error messages about malformed archives.
+
+ PR 14049
+ * readelf.c (process_archive): Use arch.file_name in error
+ messages until the qualified name is available.
+
+CVE: CVE-2018-20623
+Upstream-Status: Backport
+[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=28e817cc440bce73691c03e01860089a0954a837]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+ binutils/readelf.c | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/binutils/readelf.c b/binutils/readelf.c
+index f4df697a7d..280023d8de 100644
+--- a/binutils/readelf.c
++++ b/binutils/readelf.c
+@@ -19061,7 +19061,7 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
+ /* Read the next archive header. */
+ if (fseek (filedata->handle, arch.next_arhdr_offset, SEEK_SET) != 0)
+ {
+- error (_("%s: failed to seek to next archive header\n"), filedata->file_name);
++ error (_("%s: failed to seek to next archive header\n"), arch.file_name);
+ return FALSE;
+ }
+ got = fread (&arch.arhdr, 1, sizeof arch.arhdr, filedata->handle);
+@@ -19069,7 +19069,10 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
+ {
+ if (got == 0)
+ break;
+- error (_("%s: failed to read archive header\n"), filedata->file_name);
++ /* PR 24049 - we cannot use filedata->file_name as this will
++ have already been freed. */
++ error (_("%s: failed to read archive header\n"), arch.file_name);
++
+ ret = FALSE;
+ break;
+ }
+@@ -19089,7 +19092,7 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
+ name = get_archive_member_name (&arch, &nested_arch);
+ if (name == NULL)
+ {
+- error (_("%s: bad archive file name\n"), filedata->file_name);
++ error (_("%s: bad archive file name\n"), arch.file_name);
+ ret = FALSE;
+ break;
+ }
+@@ -19098,7 +19101,7 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
+ qualified_name = make_qualified_name (&arch, &nested_arch, name);
+ if (qualified_name == NULL)
+ {
+- error (_("%s: bad archive file name\n"), filedata->file_name);
++ error (_("%s: bad archive file name\n"), arch.file_name);
+ ret = FALSE;
+ break;
+ }
+@@ -19144,7 +19147,7 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
+ if (nested_arch.file == NULL)
+ {
+ error (_("%s: contains corrupt thin archive: %s\n"),
+- filedata->file_name, name);
++ qualified_name, name);
+ ret = FALSE;
+ break;
+ }
+--
+2.22.0.vfs.1.1.57.gbaf16c8
+