diff options
author | Armin Kuster <akuster@mvista.com> | 2018-08-07 16:33:02 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-08-15 10:22:29 +0100 |
commit | 238a0a40a7835226dd25134e88f830683f60dac3 (patch) | |
tree | 993b7fb1bd494f1b80f2da9f4afcf11686aa3e63 | |
parent | ec8861a2f280a3210f9423fd1b687bca6340b8ca (diff) | |
download | openembedded-core-238a0a40a7835226dd25134e88f830683f60dac3.tar.gz |
binutls: Security fix for CVE-2017-17080
Affects: <= 2.29.1
Signed-off-by: Armin Kuster <akuster@mvista.com>
-rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.29.1.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-17080.patch | 78 |
2 files changed, 79 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.29.1.inc b/meta/recipes-devtools/binutils/binutils-2.29.1.inc index 6611fdc3a6..2a713caf5d 100644 --- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc +++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc @@ -60,6 +60,7 @@ SRC_URI = "\ file://CVE-2017-16830.patch \ file://CVE-2017-16831.patch \ file://CVE-2017-16832.patch \ + file://CVE-2017-17080.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-17080.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-17080.patch new file mode 100644 index 0000000000..611a276def --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-17080.patch @@ -0,0 +1,78 @@ +From 80a0437873045cc08753fcac4af154e2931a99fd Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Thu, 16 Nov 2017 14:53:32 +0000 +Subject: [PATCH] Prevent illegal memory accesses when parsing incorrecctly + formated core notes. + + PR 22421 + * elf.c (elfcore_grok_netbsd_procinfo): Check that the note is big enough. + (elfcore_grok_openbsd_procinfo): Likewise. + (elfcore_grok_nto_status): Likewise. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-17080 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 7 +++++++ + bfd/elf.c | 10 ++++++++++ + 2 files changed, 17 insertions(+) + +Index: git/bfd/elf.c +=================================================================== +--- git.orig/bfd/elf.c ++++ git/bfd/elf.c +@@ -9862,6 +9862,7 @@ elfcore_grok_freebsd_psinfo (bfd *abfd, + /* Check for version 1 in pr_version. */ + if (bfd_h_get_32 (abfd, (bfd_byte *) note->descdata) != 1) + return FALSE; ++ + offset = 4; + + /* Skip over pr_psinfosz. */ +@@ -10030,6 +10031,9 @@ elfcore_netbsd_get_lwpid (Elf_Internal_N + static bfd_boolean + elfcore_grok_netbsd_procinfo (bfd *abfd, Elf_Internal_Note *note) + { ++ if (note->descsz <= 0x7c + 31) ++ return FALSE; ++ + /* Signal number at offset 0x08. */ + elf_tdata (abfd)->core->signal + = bfd_h_get_32 (abfd, (bfd_byte *) note->descdata + 0x08); +@@ -10114,6 +10118,9 @@ elfcore_grok_netbsd_note (bfd *abfd, Elf + static bfd_boolean + elfcore_grok_openbsd_procinfo (bfd *abfd, Elf_Internal_Note *note) + { ++ if (note->descsz <= 0x48 + 31) ++ return FALSE; ++ + /* Signal number at offset 0x08. */ + elf_tdata (abfd)->core->signal + = bfd_h_get_32 (abfd, (bfd_byte *) note->descdata + 0x08); +@@ -10185,6 +10192,9 @@ elfcore_grok_nto_status (bfd *abfd, Elf_ + short sig; + unsigned flags; + ++ if (note->descsz < 16) ++ return FALSE; ++ + /* nto_procfs_status 'pid' field is at offset 0. */ + elf_tdata (abfd)->core->pid = bfd_get_32 (abfd, (bfd_byte *) ddata); + +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,10 @@ ++2017-11-16 Nick Clifton <nickc@redhat.com> ++ ++ PR 22421 ++ * elf.c (elfcore_grok_netbsd_procinfo): Check that the note is big enough. ++ (elfcore_grok_openbsd_procinfo): Likewise. ++ (elfcore_grok_nto_status): Likewise. ++ + 2017-10-31 Nick Clifton <nickc@redhat.com> + + PR 22373 |