diff options
author | Thiruvadi Rajaraman <trajaraman@mvista.com> | 2017-09-04 18:31:38 +0530 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-01-07 17:09:45 +0000 |
commit | addac2e8f6f6132807a590a032a4292079542fbe (patch) | |
tree | 71cfa59148a5e1c0f1b7678d31c97b424e66d0e8 /meta/recipes-devtools/binutils | |
parent | 24124406a2a1657b80ba2933bef40ccf798c8097 (diff) | |
download | openembedded-core-contrib-addac2e8f6f6132807a590a032a4292079542fbe.tar.gz |
binutils: CVE-2017-8395
Source: git://sourceware.org/git/binutils-gdb.git
MR: 74153
Type: Security Fix
Disposition: Backport from binutils-2_29
ChangeID: 27dce214c561f9ae6f874990432f9d76a7de29d4
Description:
Fix seg-fault attempting to compress a debug section in a corrupt binary.
PR binutils/21431
* compress.c (bfd_init_section_compress_status): Check the return
value from bfd_malloc.
Affects: <= 2.29
Author: Nick Clifton <nickc@redhat.com>
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta/recipes-devtools/binutils')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.27.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-8395.patch | 72 |
2 files changed, 73 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc index 447de53946..ecb0cdf094 100644 --- a/meta/recipes-devtools/binutils/binutils-2.27.inc +++ b/meta/recipes-devtools/binutils/binutils-2.27.inc @@ -68,6 +68,7 @@ SRC_URI = "\ file://CVE-2017-7303.patch \ file://CVE-2017-7304.patch \ file://CVE-2017-8393.patch \ + file://CVE-2017-8395.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8395.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-8395.patch new file mode 100644 index 0000000000..42793e133b --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8395.patch @@ -0,0 +1,72 @@ +commit e63d123268f23a4cbc45ee55fb6dbc7d84729da3 +Author: Nick Clifton <nickc@redhat.com> +Date: Wed Apr 26 13:07:49 2017 +0100 + + Fix seg-fault attempting to compress a debug section in a corrupt binary. + + PR binutils/21431 + * compress.c (bfd_init_section_compress_status): Check the return + value from bfd_malloc. + +Upstream-Status: Backport + +CVE: CVE-2017-8395 +Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> + +Index: git/bfd/compress.c +=================================================================== +--- git.orig/bfd/compress.c 2017-09-04 17:55:00.546577566 +0530 ++++ git/bfd/compress.c 2017-09-04 17:55:10.770664577 +0530 +@@ -534,7 +534,6 @@ + { + bfd_size_type uncompressed_size; + bfd_byte *uncompressed_buffer; +- bfd_boolean ret; + + /* Error if not opened for read. */ + if (abfd->direction != read_direction +@@ -550,18 +549,18 @@ + /* Read in the full section contents and compress it. */ + uncompressed_size = sec->size; + uncompressed_buffer = (bfd_byte *) bfd_malloc (uncompressed_size); ++ /* PR 21431 */ ++ if (uncompressed_buffer == NULL) ++ return FALSE; ++ + if (!bfd_get_section_contents (abfd, sec, uncompressed_buffer, + 0, uncompressed_size)) +- ret = FALSE; +- else +- { +- uncompressed_size = bfd_compress_section_contents (abfd, sec, +- uncompressed_buffer, +- uncompressed_size); +- ret = uncompressed_size != 0; +- } ++ return FALSE; + +- return ret; ++ uncompressed_size = bfd_compress_section_contents (abfd, sec, ++ uncompressed_buffer, ++ uncompressed_size); ++ return uncompressed_size != 0; + } + + /* +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog 2017-09-04 17:55:10.714664101 +0530 ++++ git/bfd/ChangeLog 2017-09-04 17:56:40.991431847 +0530 +@@ -73,6 +73,12 @@ + (evax_bfd_print_egsd): Check for an overlarge record length. + (evax_bfd_print_etir): Likewise. + ++2017-04-26 Nick Clifton <nickc@redhat.com> ++ ++ PR binutils/21431 ++ * compress.c (bfd_init_section_compress_status): Check the return ++ value from bfd_malloc. ++ + 2017-04-25 Maciej W. Rozycki <macro@imgtec.com> + + * readelf.c (process_mips_specific): Remove error reporting from |