aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools
diff options
context:
space:
mode:
authorArmin Kuster <akuster@mvista.com>2018-08-07 16:22:27 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-08-15 10:22:29 +0100
commitec8861a2f280a3210f9423fd1b687bca6340b8ca (patch)
treea906ba26d04dcdb9af310491dff315e356edfdf3 /meta/recipes-devtools
parentab9e8161a3b89914d8664175a684675bc99d6f21 (diff)
downloadopenembedded-core-ec8861a2f280a3210f9423fd1b687bca6340b8ca.tar.gz
binutls: Security fix for CVE-2017-16832
Affects: <= 2.29.1 Signed-off-by: Armin Kuster <akuster@mvista.com>
Diffstat (limited to 'meta/recipes-devtools')
-rw-r--r--meta/recipes-devtools/binutils/binutils-2.29.1.inc1
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-16832.patch61
2 files changed, 62 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.29.1.inc b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
index d5db6e8da4..6611fdc3a6 100644
--- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
@@ -59,6 +59,7 @@ SRC_URI = "\
file://CVE-2017-16829.patch \
file://CVE-2017-16830.patch \
file://CVE-2017-16831.patch \
+ file://CVE-2017-16832.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16832.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16832.patch
new file mode 100644
index 0000000000..9044bccf95
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16832.patch
@@ -0,0 +1,61 @@
+From 0bb6961f18b8e832d88b490d421ca56cea16c45b Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 31 Oct 2017 14:29:40 +0000
+Subject: [PATCH] Fix illegal memory access triggered when parsing a PE binary
+ with a corrupt data dictionary.
+
+ PR 22373
+ * peicode.h (pe_bfd_read_buildid): Check for invalid size and data
+ offset values.
+
+Upstrem-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-16832
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/peicode.h | 9 ++++++---
+ 2 files changed, 12 insertions(+), 3 deletions(-)
+
+Index: git/bfd/peicode.h
+===================================================================
+--- git.orig/bfd/peicode.h
++++ git/bfd/peicode.h
+@@ -1303,7 +1303,6 @@ pe_bfd_read_buildid (bfd *abfd)
+ bfd_byte *data = 0;
+ bfd_size_type dataoff;
+ unsigned int i;
+-
+ bfd_vma addr = extra->DataDirectory[PE_DEBUG_DATA].VirtualAddress;
+ bfd_size_type size = extra->DataDirectory[PE_DEBUG_DATA].Size;
+
+@@ -1327,8 +1326,12 @@ pe_bfd_read_buildid (bfd *abfd)
+
+ dataoff = addr - section->vma;
+
+- /* PR 20605: Make sure that the data is really there. */
+- if (dataoff + size > section->size)
++ /* PR 20605 and 22373: Make sure that the data is really there.
++ Note - since we are dealing with unsigned quantities we have
++ to be careful to check for potential overflows. */
++ if (dataoff > section->size
++ || size > section->size
++ || dataoff + size > section->size)
+ {
+ _bfd_error_handler (_("%B: Error: Debug Data ends beyond end of debug directory."),
+ abfd);
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2017-10-31 Nick Clifton <nickc@redhat.com>
++
++ PR 22373
++ * peicode.h (pe_bfd_read_buildid): Check for invalid size and data
++ offset values.
++
+ 2017-11-03 Mingi Cho <mgcho.minic@gmail.com>
+ Nick Clifton <nickc@redhat.com>
+
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-04-24 09:19:40 +0000