diff options
author | Li xin <lixin.fnst@cn.fujitsu.com> | 2015-01-22 14:41:20 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-01-29 10:37:53 +0000 |
commit | c992868a989926eac6c4b78a6bb9729bce54f2ed (patch) | |
tree | 787f64488935e37bf62db25ee973101b8b5cd828 /meta/recipes-devtools/elfutils/elfutils-0.148 | |
parent | fda535d5b5239b091c79e957f68a45d4eab0ab5d (diff) | |
download | openembedded-core-contrib-c992868a989926eac6c4b78a6bb9729bce54f2ed.tar.gz |
elfutils_0.148.bb: CVE-2014-9447 fix
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9447
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Diffstat (limited to 'meta/recipes-devtools/elfutils/elfutils-0.148')
-rw-r--r-- | meta/recipes-devtools/elfutils/elfutils-0.148/elf_begin.c-CVE-2014-9447-fix.patch | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-devtools/elfutils/elfutils-0.148/elf_begin.c-CVE-2014-9447-fix.patch b/meta/recipes-devtools/elfutils/elfutils-0.148/elf_begin.c-CVE-2014-9447-fix.patch new file mode 100644 index 0000000000..84e8ddcca7 --- /dev/null +++ b/meta/recipes-devtools/elfutils/elfutils-0.148/elf_begin.c-CVE-2014-9447-fix.patch @@ -0,0 +1,36 @@ +From 323ca04a0c9189544075c19b49da67f6443a8950 Mon Sep 17 00:00:00 2001 +From: Li xin <lixin.fnst@cn.fujitsu.com> +Date: Wed, 21 Jan 2015 09:33:38 +0900 +Subject: [PATCH] elf_begin.c: CVE-2014-9447 fix + +this patch is from: + https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e + +Upstream-Status: Backport + +Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com> +--- + libelf/elf_begin.c | 7 ++----- + 1 file changed, 2 insertions(+), 5 deletions(-) + +diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c +index e46add3..e83ba35 100644 +--- a/libelf/elf_begin.c ++++ b/libelf/elf_begin.c +@@ -736,11 +736,8 @@ read_long_names (Elf *elf) + break; + + /* NUL-terminate the string. */ +- *runp = '\0'; +- +- /* Skip the NUL byte and the \012. */ +- runp += 2; +- ++ *runp++ = '\0'; ++ + /* A sanity check. Somebody might have generated invalid + archive. */ + if (runp >= newp + len) +-- +1.8.4.2 + |