blob: 7525f34324027c933d2984fa7e19090236ed8e4f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
Fix seg-fault in the binutils utilities when reading a corrupt input file.
PR binutils/20905
* peicode.h (pe_ILF_object_p): Use strnlen to avoid running over
the end of the string buffer.
Upstream-Status: Backport
CVE: CVE-2017-7226
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Index: git/bfd/ChangeLog
===================================================================
--- git.orig/bfd/ChangeLog 2017-08-23 13:59:16.868424171 +0530
+++ git/bfd/ChangeLog 2017-08-23 14:03:22.683013823 +0530
@@ -39,6 +39,12 @@
(bfd_elf_final_link): Only initialize the extended symbol index
section if there are extended symbol tables to list.
+2016-12-05 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/20905
+ * peicode.h (pe_ILF_object_p): Use strnlen to avoid running over
+ the end of the string buffer.
+
2016-08-02 Nick Clifton <nickc@redhat.com>
PR ld/17739
Index: git/bfd/peicode.h
===================================================================
--- git.orig/bfd/peicode.h 2017-08-23 13:59:06.948319100 +0530
+++ git/bfd/peicode.h 2017-08-23 13:59:16.920424722 +0530
@@ -1264,7 +1264,8 @@
}
symbol_name = (char *) ptr;
- source_dll = symbol_name + strlen (symbol_name) + 1;
+ /* See PR 20905 for an example of where the strnlen is necessary. */
+ source_dll = symbol_name + strnlen (symbol_name, size - 1) + 1;
/* Verify that the strings are null terminated. */
if (ptr[size - 1] != 0
|
