diff options
author | Armin Kuster <akuster@mvista.com> | 2018-08-06 19:47:00 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-08-15 10:22:29 +0100 |
commit | acac226dd46a0e27da51db75197f57dd45254502 (patch) | |
tree | f8aabc15802fe6ba5593194fb17755a52b64b883 | |
parent | ee5ad659a9f2ea1714e3ae51ca1948f165fb21d3 (diff) | |
download | openembedded-core-contrib-acac226dd46a0e27da51db75197f57dd45254502.tar.gz |
binutls: Security fix for CVE-2017-16826
Affects: <= 2.29.1
Signed-off-by: Armin Kuster <akuster@mvista.com>
-rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.29.1.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-16826.patch | 53 |
2 files changed, 54 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.29.1.inc b/meta/recipes-devtools/binutils/binutils-2.29.1.inc index cf131c62a0..73af74c0a8 100644 --- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc +++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc @@ -52,6 +52,7 @@ SRC_URI = "\ file://CVE-2017-15225.patch \ file://CVE-2017-15939.patch \ file://CVE-2017-15996.patch \ + file://CVE-2017-16826.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16826.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16826.patch new file mode 100644 index 0000000000..bb24ba8834 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16826.patch @@ -0,0 +1,53 @@ +From a67d66eb97e7613a38ffe6622d837303b3ecd31d Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Wed, 1 Nov 2017 15:21:46 +0000 +Subject: [PATCH] Prevent illegal memory accesses when attempting to read + excessively large COFF line number tables. + + PR 22376 + * coffcode.h (coff_slurp_line_table): Check for an excessively + large line number count. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-16826 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/coffcode.h | 8 ++++++++ + 2 files changed, 14 insertions(+) + +Index: git/bfd/coffcode.h +=================================================================== +--- git.orig/bfd/coffcode.h ++++ git/bfd/coffcode.h +@@ -4578,6 +4578,14 @@ coff_slurp_line_table (bfd *abfd, asecti + + BFD_ASSERT (asect->lineno == NULL); + ++ if (asect->lineno_count > asect->size) ++ { ++ _bfd_error_handler ++ (_("%B: warning: line number count (%#lx) exceeds section size (%#lx)"), ++ abfd, (unsigned long) asect->lineno_count, (unsigned long) asect->size); ++ return FALSE; ++ } ++ + amt = ((bfd_size_type) asect->lineno_count + 1) * sizeof (alent); + lineno_cache = (alent *) bfd_alloc (abfd, amt); + if (lineno_cache == NULL) +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,9 @@ ++2017-11-01 Nick Clifton <nickc@redhat.com> ++ ++ PR 22376 ++ * coffcode.h (coff_slurp_line_table): Check for an excessively ++ large line number count. ++ + 2017-10-28 Alan Modra <amodra@gmail.com> + + PR 22361 |