diff options
| author |   Manjunath S Matti <mmatti@mvista.com> | 2017-09-13 16:02:32 +0530 |
|---|---|---|
| committer |   Armin Kuster <akuster@mvista.com> | 2017-11-23 17:40:47 -0800 |
| commit | a384e71bea3175d357caf7195bd7f7a290404620 (patch) | |
| tree | 56441d9c0a8b763c4e70cb5ccbe0de843b323cd2 /meta | |
| parent | 4196d5c2835bf18b352e4d583a4be0c959152752 (diff) | |
| download | openembedded-core-contrib-a384e71bea3175d357caf7195bd7f7a290404620.tar.gz | |
Fix seg-fault in the linker when examining a corrupt binary.
Source: https://sourceware.org/
MR: 74244
Type: Security Fix
Disposition: Backport from https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=531336e3a0b79ed60cfc36ad2d6579b6a71175da
ChangeID: 69cc8699fcb0655f3a48778e514552dfaea7229c
Description:
Fix seg-fault in the linker when examining a corrupt binary.
PR ld/20909
* aoutx.h (aout_link_add_symbols): Fix off-by-one error in check
for an illegal string offset.
CVE: CVE-2017-7300
Affects: < 2.27-r0.9.1
Author: Nick Clifton <nickc@redhat.com>
Signed-off-by: Manjunath S Matti <mmatti@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta')
| -rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.27.inc | 1 | ||||
| -rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-7300.patch | 55 |
2 files changed, 56 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc index a5122c5d5c0..23aac6bd5e5 100644 --- a/meta/recipes-devtools/binutils/binutils-2.27.inc +++ b/meta/recipes-devtools/binutils/binutils-2.27.inc @@ -70,6 +70,7 @@ SRC_URI = "\ file://CVE-2017-8393.patch \ file://CVE-2017-8395.patch \ file://CVE-2017-8397.patch \ + file://CVE-2017-7300.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7300.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7300.patch new file mode 100644 index 00000000000..c4432e76b04 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7300.patch @@ -0,0 +1,55 @@ +From 531336e3a0b79ed60cfc36ad2d6579b6a71175da Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Fri, 2 Dec 2016 16:41:14 +0000 +Subject: [PATCH] Fix seg-fault in the linker when examining a corrupt binary. + + PR ld/20909 + * aoutx.h (aout_link_add_symbols): Fix off-by-one error in check + for an illegal string offset. + +Upstream-Status: Backport +CVE: CVE-2017-7300 +VER: < 2.27-r0.9.1 +Signed-off-by: Manjunath Matti <mmatti@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/aoutx.h | 3 +-- + 2 files changed, 7 insertions(+), 2 deletions(-) + +diff --git a/bfd/ChangeLog b/bfd/ChangeLog +index d061e66..c8085e7 100644 +--- a/bfd/ChangeLog ++++ b/bfd/ChangeLog +@@ -175,6 +175,12 @@ + * aoutx.h (find_nearest_line): Handle the case where the function + name is empty. + ++2016-12-02 Nick Clifton <nickc@redhat.com> ++ ++ PR ld/20909 ++ * aoutx.h (aout_link_add_symbols): Fix off-by-one error in check ++ for an illegal string offset. ++ + 2016-08-02 Nick Clifton <nickc@redhat.com> + + PR ld/17739 +diff --git a/bfd/aoutx.h b/bfd/aoutx.h +index 4308679..b9ac2b7 100644 +--- a/bfd/aoutx.h ++++ b/bfd/aoutx.h +@@ -3031,10 +3031,9 @@ aout_link_add_symbols (bfd *abfd, struct bfd_link_info *info) + continue; + + /* PR 19629: Corrupt binaries can contain illegal string offsets. */ +- if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd)) ++ if (GET_WORD (abfd, p->e_strx) >= obj_aout_external_string_size (abfd)) + return FALSE; + name = strings + GET_WORD (abfd, p->e_strx); +- + value = GET_WORD (abfd, p->e_value); + flags = BSF_GLOBAL; + string = NULL; +-- +2.9.3 + |