aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/binutils/binutils/CVE-2017-7301.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/CVE-2017-7301.patch')
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-7301.patch52
1 files changed, 52 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7301.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7301.patch
new file mode 100644
index 0000000000..36b4259fde
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7301.patch
@@ -0,0 +1,52 @@
+commit daae68f4f372e0618d6b9c64ec0f1f74eae6ab3d
+Author: Nick Clifton <nickc@redhat.com>
+Date: Mon Dec 5 12:25:34 2016 +0000
+
+ Fix seg-fault in linker parsing a corrupt input file.
+
+ PR ld/20924
+ (aout_link_add_symbols): Fix off by one error checking for
+ overflow of string offset.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7301
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-04 15:42:15.244812577 +0530
++++ git/bfd/ChangeLog 2017-09-04 15:51:36.573466525 +0530
+@@ -120,6 +120,10 @@
+ * peicode.h (pe_ILF_object_p): Use strnlen to avoid running over
+ the end of the string buffer.
+
++ PR ld/20924
++ (aout_link_add_symbols): Fix off by one error checking for
++ overflow of string offset.
++
+ 2016-12-01 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/20891
+Index: git/bfd/aoutx.h
+===================================================================
+--- git.orig/bfd/aoutx.h 2017-09-04 15:42:15.244812577 +0530
++++ git/bfd/aoutx.h 2017-09-04 15:49:36.500479341 +0530
+@@ -3091,7 +3091,7 @@
+ BFD_ASSERT (p + 1 < pend);
+ ++p;
+ /* PR 19629: Corrupt binaries can contain illegal string offsets. */
+- if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd))
++ if (GET_WORD (abfd, p->e_strx) >= obj_aout_external_string_size (abfd))
+ return FALSE;
+ string = strings + GET_WORD (abfd, p->e_strx);
+ section = bfd_ind_section_ptr;
+@@ -3127,7 +3127,7 @@
+ ++p;
+ string = name;
+ /* PR 19629: Corrupt binaries can contain illegal string offsets. */
+- if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd))
++ if (GET_WORD (abfd, p->e_strx) >= obj_aout_external_string_size (abfd))
+ return FALSE;
+ name = strings + GET_WORD (abfd, p->e_strx);
+ section = bfd_und_section_ptr;
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-04-25 01:46:58 +0000