diff options
| author |   Armin Kuster <akuster@mvista.com> | 2018-08-06 14:16:09 -0700 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-08-15 10:22:27 +0100 |
| commit | 45de3690367c8e0adf443a2f2630ecf8791789d6 (patch) | |
| tree | 3a7a78e55aa55748f490153571dc137625a86e08 /meta/recipes-devtools | |
| parent | b7715d4782cf956c198eaa6b43a6bf11fe8ece7c (diff) | |
| download | openembedded-core-45de3690367c8e0adf443a2f2630ecf8791789d6.tar.gz | |
binutls: Security fix for CVE-2017-14938
Affects: <= 2.29.1
Signed-off-by: Armin Kuster <akuster@mvista.com>
Diffstat (limited to 'meta/recipes-devtools')
| -rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.29.1.inc | 1 | ||||
| -rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-14938.patch | 64 |
2 files changed, 65 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.29.1.inc b/meta/recipes-devtools/binutils/binutils-2.29.1.inc index 1962f5c303..c7c755fcb3 100644 --- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc +++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc @@ -41,6 +41,7 @@ SRC_URI = "\ file://CVE-2017-14933_p1.patch \ file://CVE-2017-14933_p2.patch \ file://CVE-2017-14934.patch \ + file://CVE-2017-14938.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14938.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14938.patch new file mode 100644 index 0000000000..e62c73c06d --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14938.patch @@ -0,0 +1,64 @@ +From bd61e135492ecf624880e6b78e5fcde3c9716df6 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Sun, 24 Sep 2017 14:34:57 +0930 +Subject: [PATCH] PR22166, SHT_GNU_verneed memory allocation + +The sanity check covers the previous minimim size, plus that the size +is at least enough for sh_info verneed entries. + +Also, since we write all verneed fields or exit with an error, there +isn't any need to zero the memory allocated for verneed entries. + + PR 22166 + * elf.c (_bfd_elf_slurp_version_tables): Test sh_info on + SHT_GNU_verneed section for sanity. Don't zalloc memory for + verref. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-14938 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 7 +++++++ + bfd/elf.c | 5 +++-- + 2 files changed, 10 insertions(+), 2 deletions(-) + +Index: git/bfd/elf.c +=================================================================== +--- git.orig/bfd/elf.c ++++ git/bfd/elf.c +@@ -8198,7 +8198,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd + + hdr = &elf_tdata (abfd)->dynverref_hdr; + +- if (hdr->sh_info == 0 || hdr->sh_size < sizeof (Elf_External_Verneed)) ++ if (hdr->sh_info == 0 ++ || hdr->sh_info > hdr->sh_size / sizeof (Elf_External_Verneed)) + { + error_return_bad_verref: + _bfd_error_handler +@@ -8219,7 +8220,7 @@ error_return_verref: + goto error_return_verref; + + elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) +- bfd_zalloc2 (abfd, hdr->sh_info, sizeof (Elf_Internal_Verneed)); ++ bfd_alloc2 (abfd, hdr->sh_info, sizeof (Elf_Internal_Verneed)); + + if (elf_tdata (abfd)->verref == NULL) + goto error_return_verref; +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,10 @@ ++2017-09-24 Alan Modra <amodra@gmail.com> ++ ++ PR 22166 ++ * elf.c (_bfd_elf_slurp_version_tables): Test sh_info on ++ SHT_GNU_verneed section for sanity. Don't zalloc memory for ++ verref. ++ + 2017-09-26 Alan Modra <amodra@gmail.com> + + PR 22210 |