blob: 11ecb71b2e30ce93b9c1ea32da5a876ab322abea (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
From f7bbc8890de45df6eda0ddef5dd04f835f54eecf Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Wed, 20 Feb 2019 17:03:47 +0000
Subject: [PATCH] Fix a illegal memory access fault when parsing a corrupt MIPS
option section using readelf.
PR 24243
* readelf.c (process_mips_specific): Check for an options section
that is too small to even contain a single option.
Upstream-Status: Backport [https://github.com/bminor/binutils-gdb/commit/7fc0c668f2aceb8582d74db1ad2528e2bba8a921]
CVE: CVE-2019-9077
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
binutils/readelf.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/binutils/readelf.c b/binutils/readelf.c
index 9df3742..18ab806 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -16179,6 +16179,12 @@ process_mips_specific (Filedata * filedata)
error (_("No MIPS_OPTIONS header found\n"));
return FALSE;
}
+ /* PR 24243 */
+ if (sect->sh_size < sizeof (* eopt))
+ {
+ error (_("The MIPS options section is too small.\n"));
+ return FALSE;
+ }
eopt = (Elf_External_Options *) get_data (NULL, filedata, options_offset, 1,
sect->sh_size, _("options"));
--
2.7.4
|
