diff options
author | Thiruvadi Rajaraman <trajaraman@mvista.com> | 2017-08-30 17:51:17 +0530 |
---|---|---|
committer | Armin Kuster <akuster@mvista.com> | 2017-11-23 17:40:45 -0800 |
commit | b8eb2810d4efa5310ed7dbd64716d3d927754832 (patch) | |
tree | 9afa2d77a18ae929e5204e74ca5694237bdef30c | |
parent | d42571ed3857d31a9ac0b4e1a57ba6d4c91d6d7b (diff) | |
download | openembedded-core-contrib-b8eb2810d4efa5310ed7dbd64716d3d927754832.tar.gz |
binutils: CVE-2017-12448
Source: git://sourceware.org/git/binutils-gdb.git
MR: 73880
Type: Security Fix
Disposition: Backport from binutils-2_29-branch
ChangeID: 6ef7c8e941d7a1c069b29e4671178c0d02427e3f
Description:
Fix use-after-free error when parsing a corrupt nested archive.
PR 21787
* archive.c (bfd_generic_archive_p): If the bfd does not have the
correct magic bytes at the start, set the error to wrong format
and clear the format selector before returning NULL.
Affects: <= 2.29
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.27.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-12448.patch | 49 |
2 files changed, 50 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc index 3c29f660cd..772df0af30 100644 --- a/meta/recipes-devtools/binutils/binutils-2.27.inc +++ b/meta/recipes-devtools/binutils/binutils-2.27.inc @@ -53,6 +53,7 @@ SRC_URI = "\ file://CVE-2017-9041_1.patch \ file://CVE-2017-9041_2.patch \ file://CVE-2017-7226.patch \ + file://CVE-2017-12448.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-12448.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-12448.patch new file mode 100644 index 0000000000..039166cfb9 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-12448.patch @@ -0,0 +1,49 @@ +commit 909e4e716c4d77e33357bbe9bc902bfaf2e1af24 +Author: Nick Clifton <nickc@redhat.com> +Date: Wed Jul 19 14:49:12 2017 +0100 + + Fix use-after-free error when parsing a corrupt nested archive. + + PR 21787 + * archive.c (bfd_generic_archive_p): If the bfd does not have the + correct magic bytes at the start, set the error to wrong format + and clear the format selector before returning NULL. + +Upstream-Status: Backport + +CVE: CVE-2017-12448 +Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> + +Index: git/bfd/archive.c +=================================================================== +--- git.orig/bfd/archive.c 2017-08-30 16:44:10.848601412 +0530 ++++ git/bfd/archive.c 2017-08-30 16:44:21.400855758 +0530 +@@ -834,7 +834,12 @@ + if (strncmp (armag, ARMAG, SARMAG) != 0 + && strncmp (armag, ARMAGB, SARMAG) != 0 + && ! bfd_is_thin_archive (abfd)) +- return NULL; ++ { ++ bfd_set_error (bfd_error_wrong_format); ++ if (abfd->format == bfd_archive) ++ abfd->format = bfd_unknown; ++ return NULL; ++ } + + tdata_hold = bfd_ardata (abfd); + +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog 2017-08-30 16:44:21.340854320 +0530 ++++ git/bfd/ChangeLog 2017-08-30 16:46:48.716143277 +0530 +@@ -1,3 +1,10 @@ ++2017-07-19 Nick Clifton <nickc@redhat.com> ++ ++ PR 21787 ++ * archive.c (bfd_generic_archive_p): If the bfd does not have the ++ correct magic bytes at the start, set the error to wrong format ++ and clear the format selector before returning NULL. ++ + 2017-04-25 Maciej W. Rozycki <macro@imgtec.com> + + * readelf.c (process_mips_specific): Remove error reporting from |