diff options
| author |   Thiruvadi Rajaraman <trajaraman@mvista.com> | 2017-09-13 17:14:14 +0530 |
|---|---|---|
| committer |   Armin Kuster <akuster@mvista.com> | 2017-11-23 17:40:47 -0800 |
| commit | 625a7950b4a5e58f4fa5b30bc29690cc161bfffe (patch) | |
| tree | 29028d7ac76eed2ac4d9bb114a828289249a3cfe | |
| parent | 419a030b617f22a603b7b1305e5ac303e5159933 (diff) | |
| download | meta-openembedded-contrib-625a7950b4a5e58f4fa5b30bc29690cc161bfffe.tar.gz | |
binutils: CVE-2017-8421
Source: git://sourceware.org/git/binutils-gdb.git
MR: 74140
Type: Security Fix
Disposition: Backport from binutils-2_29
ChangeID: 5f6dd48c427de8663c5a80af6db44ce5c579d42c
Description:
Prevent memory exhaustion from a corrupt PE binary with an overlarge number of relocs.
PR 21440
* objdump.c (dump_relocs_in_section): Check for an excessive
number of relocs before attempting to dump them.
Affects: <= 2.29
Author: Alan Modra <amodra@gmail.com>
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| -rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.27.inc | 1 | ||||
| -rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch | 51 |
2 files changed, 52 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc index 014655f7df..3e514fc042 100644 --- a/meta/recipes-devtools/binutils/binutils-2.27.inc +++ b/meta/recipes-devtools/binutils/binutils-2.27.inc @@ -72,6 +72,7 @@ SRC_URI = "\ file://CVE-2017-8397.patch \ file://CVE-2017-7300.patch \ file://CVE-2017-8396.patch \ + file://CVE-2017-8421.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch new file mode 100644 index 0000000000..da6e475828 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch @@ -0,0 +1,51 @@ +commit 39ff1b79f687b65f4144ddb379f22587003443fb +Author: Nick Clifton <nickc@redhat.com> +Date: Tue May 2 11:54:53 2017 +0100 + + Prevent memory exhaustion from a corrupt PE binary with an overlarge number of relocs. + + PR 21440 + * objdump.c (dump_relocs_in_section): Check for an excessive + number of relocs before attempting to dump them. + +Upstream-Status: Backport + +CVE: CVE-2017-8421 +Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> + +Index: git/binutils/objdump.c +=================================================================== +--- git.orig/binutils/objdump.c 2017-09-05 11:34:23.140802515 +0530 ++++ git/binutils/objdump.c 2017-09-05 11:34:28.716824776 +0530 +@@ -3238,6 +3238,14 @@ + return; + } + ++ if ((bfd_get_file_flags (abfd) & (BFD_IN_MEMORY | BFD_LINKER_CREATED)) == 0 ++ && relsize > get_file_size (bfd_get_filename (abfd))) ++ { ++ printf (" (too many: 0x%x)\n", section->reloc_count); ++ bfd_set_error (bfd_error_file_truncated); ++ bfd_fatal (bfd_get_filename (abfd)); ++ } ++ + relpp = (arelent **) xmalloc (relsize); + relcount = bfd_canonicalize_reloc (abfd, section, relpp, syms); + +Index: git/binutils/ChangeLog +=================================================================== +--- git.orig/binutils/ChangeLog 2017-09-05 11:34:28.040822070 +0530 ++++ git/binutils/ChangeLog 2017-09-05 11:36:02.413217129 +0530 +@@ -4,6 +4,12 @@ + * rddbg.c (read_symbol_stabs_debugging_info): Check for an empty + string whilst concatenating symbol names. + ++2017-05-02 Nick Clifton <nickc@redhat.com> ++ ++ PR 21440 ++ * objdump.c (dump_relocs_in_section): Check for an excessive ++ number of relocs before attempting to dump them. ++ + 2017-02-14 Nick Clifton <nickc@redhat.com> + + PR binutils/21157 |