diff options
author | Thiruvadi Rajaraman <trajaraman@mvista.com> | 2017-08-23 14:06:58 +0530 |
---|---|---|
committer | Armin Kuster <akuster@mvista.com> | 2017-11-23 17:40:45 -0800 |
commit | d42571ed3857d31a9ac0b4e1a57ba6d4c91d6d7b (patch) | |
tree | 9b3c462e470ba7aab2ae50c30c0e8592fdc0813f | |
parent | c9c4b0a47518b062f14b7fd7b8221a1ddf93eee7 (diff) | |
download | openembedded-core-contrib-d42571ed3857d31a9ac0b4e1a57ba6d4c91d6d7b.tar.gz |
binutils: CVE-2017-7226
Source: git://sourceware.org/git/binutils-gdb.git
MR: 74283
Type: Security Fix
Disposition: Backport from binutils_v2_28
ChangeID: 82097a4b98d3d576e1b1bfb7ac9ae17fd153c909
Description:
Use strnlen to avoid running over the end of the string buffer.
Affects: <= 2.28
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.27.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-7226.patch | 42 |
2 files changed, 43 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc index 3f8a5fe19c..3c29f660cd 100644 --- a/meta/recipes-devtools/binutils/binutils-2.27.inc +++ b/meta/recipes-devtools/binutils/binutils-2.27.inc @@ -52,6 +52,7 @@ SRC_URI = "\ file://CVE-2017-9040_and_9042.patch \ file://CVE-2017-9041_1.patch \ file://CVE-2017-9041_2.patch \ + file://CVE-2017-7226.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7226.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7226.patch new file mode 100644 index 0000000000..7525f34324 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7226.patch @@ -0,0 +1,42 @@ +Fix seg-fault in the binutils utilities when reading a corrupt input file. + +PR binutils/20905 +* peicode.h (pe_ILF_object_p): Use strnlen to avoid running over +the end of the string buffer. + +Upstream-Status: Backport + +CVE: CVE-2017-7226 +Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> + +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog 2017-08-23 13:59:16.868424171 +0530 ++++ git/bfd/ChangeLog 2017-08-23 14:03:22.683013823 +0530 +@@ -39,6 +39,12 @@ + (bfd_elf_final_link): Only initialize the extended symbol index + section if there are extended symbol tables to list. + ++2016-12-05 Nick Clifton <nickc@redhat.com> ++ ++ PR binutils/20905 ++ * peicode.h (pe_ILF_object_p): Use strnlen to avoid running over ++ the end of the string buffer. ++ + 2016-08-02 Nick Clifton <nickc@redhat.com> + + PR ld/17739 +Index: git/bfd/peicode.h +=================================================================== +--- git.orig/bfd/peicode.h 2017-08-23 13:59:06.948319100 +0530 ++++ git/bfd/peicode.h 2017-08-23 13:59:16.920424722 +0530 +@@ -1264,7 +1264,8 @@ + } + + symbol_name = (char *) ptr; +- source_dll = symbol_name + strlen (symbol_name) + 1; ++ /* See PR 20905 for an example of where the strnlen is necessary. */ ++ source_dll = symbol_name + strnlen (symbol_name, size - 1) + 1; + + /* Verify that the strings are null terminated. */ + if (ptr[size - 1] != 0 |