diff options
author | Armin Kuster <akuster@mvista.com> | 2019-08-31 15:56:48 -0700 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2019-09-04 09:29:20 -0700 |
commit | 16f4520f5cb581eb93bd3f0e3aa1feecc5c567ba (patch) | |
tree | c29d1485351d13fa82bc1dea1f1193b572d18537 | |
parent | a367928942411b36a0b0bbb95055d01548430e8e (diff) | |
download | openembedded-core-contrib-16f4520f5cb581eb93bd3f0e3aa1feecc5c567ba.tar.gz |
binutils: Security fix for CVE-2019-12972
Source: git://sourceware.org / binutils-gdb.git
MR: 98770
Type: Security Fix
Disposition: Backport from https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=890f750a3b053532a4b839a2dd6243076de12031
ChangeID: 7ced6bffbe01cbeadf50177eb332eef514baa19c
Description:
Fixes CVE-2019-12972
Signed-off-by: Armin Kuster <akuster@mvista.com>
[v2]
forgot to refresh inc file before sending
-rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.31.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2019-12972.patch | 39 |
2 files changed, 40 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.31.inc b/meta/recipes-devtools/binutils/binutils-2.31.inc index 247f779a79..e1a6673b7f 100644 --- a/meta/recipes-devtools/binutils/binutils-2.31.inc +++ b/meta/recipes-devtools/binutils/binutils-2.31.inc @@ -47,6 +47,7 @@ SRC_URI = "\ file://CVE-2018-18606.patch \ file://CVE-2018-18607.patch \ file://CVE-2019-14444.patch \ + file://CVE-2019-12972.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-12972.patch b/meta/recipes-devtools/binutils/binutils/CVE-2019-12972.patch new file mode 100644 index 0000000000..3e95b9221a --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-12972.patch @@ -0,0 +1,39 @@ +From 890f750a3b053532a4b839a2dd6243076de12031 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Fri, 21 Jun 2019 11:51:38 +0930 +Subject: [PATCH] PR24689, string table corruption + +The testcase in the PR had a e_shstrndx section of type SHT_GROUP. +hdr->contents were initialized by setup_group rather than being read +from the file, thus last byte was not zero and string dereference ran +off the end of the buffer. + + PR 24689 + * elfcode.h (elf_object_p): Check type of e_shstrndx section. + +Upstream-Status: Backport +https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=890f750a3b053532a4b839a2dd6243076de12031 + +CVE: CVE-2019-12972 +Affects: <= 2.23.0 +Dropped Changelog +Signed-off-by Armin Kuster <akuster@mvista.com> +--- + bfd/ChangeLog | 5 +++++ + bfd/elfcode.h | 3 ++- + 2 files changed, 7 insertions(+), 1 deletion(-) + +Index: git/bfd/elfcode.h +=================================================================== +--- git.orig/bfd/elfcode.h ++++ git/bfd/elfcode.h +@@ -747,7 +747,8 @@ elf_object_p (bfd *abfd) + /* A further sanity check. */ + if (i_ehdrp->e_shnum != 0) + { +- if (i_ehdrp->e_shstrndx >= elf_numsections (abfd)) ++ if (i_ehdrp->e_shstrndx >= elf_numsections (abfd) ++ || i_shdrp[i_ehdrp->e_shstrndx].sh_type != SHT_STRTAB) + { + /* PR 2257: + We used to just goto got_wrong_format_error here |