diff options
author | Thiruvadi Rajaraman <trajaraman@mvista.com> | 2017-08-31 19:23:29 +0530 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-01-07 17:09:44 +0000 |
commit | 2cc3922462c9dd86f50a419a2a4abb0f3b5b4745 (patch) | |
tree | 10b267f1e57645c0361fecb2d963bc515f6cd61e /meta/recipes-devtools/binutils/binutils/CVE-2017-12450_12452_12453_12454_12456_1.patch | |
parent | 62eeac8e4684c129af6f36aa7c2b91270a5dacde (diff) | |
download | openembedded-core-2cc3922462c9dd86f50a419a2a4abb0f3b5b4745.tar.gz |
binutils: CVE-2017-12450_12452_12453_12454_12456
Source: git://sourceware.org/git/binutils-gdb.git
MR: 73854, 73827, 73814, 73801, 73775
Type: Security Fix
Disposition: Backport from binutils-2_29-branch
ChangeID: fb23096307f9903872a04edf171d1fd2099e35c5
Description:
Fix address violation errors parsing corrupt binary files.
PR 21813
binutils* rddbg.c (read_symbol_stabs_debugging_info): Check for an empty
string whilst concatenating symbol names.
bfd * mach-o.c (bfd_mach_o_canonicalize_relocs): Pass the base address
of the relocs to the canonicalize_one_reloc routine.
* mach-o.h (struct bfd_mach_o_backend_data): Update the prototype
for the _bfd_mach_o_canonicalize_one_reloc field.
* mach-o-arm.c (bfd_mach_o_arm_canonicalize_one_reloc): Add
res_base parameter. Use to check for corrupt pair relocs.
* mach-o-aarch64.c (bfd_mach_o_arm64_canonicalize_one_reloc):
Likewise.
* mach-o-i386.c (bfd_mach_o_i386_canonicalize_one_reloc):
Likewise.
* mach-o-x86-64.c (bfd_mach_o_x86_64_canonicalize_one_reloc):
Likewise.
* vms-alpha.c (_bfd_vms_slurp_eihd): Make sure that there is
enough data in the record before attempting to parse it.
(_bfd_vms_slurp_eeom): Likewise.
(_bfd_vms_slurp_egsd): Check for an invalid section index.
(image_set_ptr): Likewise.
(alpha_vms_slurp_relocs): Likewise.
Affects: <= 2.29
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/CVE-2017-12450_12452_12453_12454_12456_1.patch')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-12450_12452_12453_12454_12456_1.patch | 113 |
1 files changed, 113 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-12450_12452_12453_12454_12456_1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-12450_12452_12453_12454_12456_1.patch new file mode 100644 index 0000000000..208bbbafae --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-12450_12452_12453_12454_12456_1.patch @@ -0,0 +1,113 @@ +commit cb06d03ad92ffcfaa09c3f065837cb39e9e1486d +Author: Nick Clifton <nickc@redhat.com> +Date: Wed Jun 21 11:13:49 2017 +0100 + + Fix address violation parsing a corrupt IEEE Alpha binary. + + PR binutils/21637 + * vms-alpha.c (_bfd_vms_slurp_egsd): Check for an empty section + list. + (image_set_ptr): Likewise. + (alpha_vms_fix_sec_rel): Likewise. + (alpha_vms_slurp_relocs): Likewise. + +Upstream-Status: Backport + +CVE: CVE-2017-12450, CVE-2017-12452, CVE-2017-12453, CVE-2017-12454, CVE-2017-12456 +Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> + +Index: git/bfd/vms-alpha.c +=================================================================== +--- git.orig/bfd/vms-alpha.c 2017-08-31 18:01:00.742098130 +0530 ++++ git/bfd/vms-alpha.c 2017-08-31 18:01:06.000000000 +0530 +@@ -1257,6 +1257,8 @@ + struct vms_esdf *esdf = (struct vms_esdf *)vms_rec; + + entry->value = bfd_getl64 (esdf->value); ++ if (PRIV (sections) == NULL) ++ return FALSE; + entry->section = PRIV (sections)[bfd_getl32 (esdf->psindx)]; + + if (old_flags & EGSY__V_NORM) +@@ -1291,7 +1293,11 @@ + entry->symbol_vector = bfd_getl32 (egst->value); + + if (old_flags & EGSY__V_REL) +- entry->section = PRIV (sections)[bfd_getl32 (egst->psindx)]; ++ { ++ if (PRIV (sections) == NULL) ++ return FALSE; ++ entry->section = PRIV (sections)[bfd_getl32 (egst->psindx)]; ++ } + else + entry->section = bfd_abs_section_ptr; + +@@ -1379,6 +1385,8 @@ + + vms_debug2 ((4, "image_set_ptr (0x%08x, sect=%d)\n", (unsigned)vma, sect)); + ++ if (PRIV (sections) == NULL) ++ return; + sec = PRIV (sections)[sect]; + + if (info) +@@ -1691,7 +1699,12 @@ + alpha_vms_fix_sec_rel (bfd *abfd, struct bfd_link_info *info, + unsigned int rel, bfd_vma vma) + { +- asection *sec = PRIV (sections)[rel & RELC_MASK]; ++ asection *sec; ++ ++ if (PRIV (sections) == NULL) ++ return 0; ++ ++ sec = PRIV (sections)[rel & RELC_MASK]; + + if (info) + { +@@ -5000,6 +5013,8 @@ + return FALSE; + } + ++ if (PRIV (sections) == NULL) ++ return FALSE; + sec = PRIV (sections)[cur_psect]; + if (sec == bfd_abs_section_ptr) + { +@@ -5058,8 +5073,12 @@ + reloc->sym_ptr_ptr = sym; + } + else if (cur_psidx >= 0) +- reloc->sym_ptr_ptr = +- PRIV (sections)[cur_psidx]->symbol_ptr_ptr; ++ { ++ if (PRIV (sections) == NULL) ++ return FALSE; ++ reloc->sym_ptr_ptr = ++ PRIV (sections)[cur_psidx]->symbol_ptr_ptr; ++ } + else + reloc->sym_ptr_ptr = NULL; + +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog 2017-08-31 18:01:06.000000000 +0530 ++++ git/bfd/ChangeLog 2017-08-31 18:01:49.114384620 +0530 +@@ -31,7 +31,16 @@ + correct magic bytes at the start, set the error to wrong format + and clear the format selector before returning NULL. + +- 2017-06-19 Nick Clifton <nickc@redhat.com> ++ 2017-06-21 Nick Clifton <nickc@redhat.com> ++ ++ PR binutils/21637 ++ * vms-alpha.c (_bfd_vms_slurp_egsd): Check for an empty section ++ list. ++ (image_set_ptr): Likewise. ++ (alpha_vms_fix_sec_rel): Likewise. ++ (alpha_vms_slurp_relocs): Likewise. ++ ++2017-06-19 Nick Clifton <nickc@redhat.com> + + PR binutils/21618 + * vms-alpha.c (evax_bfd_print_emh): Check for insufficient record |