diff options
author | Armin Kuster <akuster@mvista.com> | 2018-08-06 18:53:37 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-08-15 10:22:28 +0100 |
commit | 755fd4e68af4cdafc482c02b7822cc06215da4fb (patch) | |
tree | d263f07a3250df7ac3a29a1b2b5608a38434032d /meta | |
parent | c19aa7eafd38639095b415efc16dba3777507d70 (diff) | |
download | openembedded-core-contrib-755fd4e68af4cdafc482c02b7822cc06215da4fb.tar.gz |
binutls: Security fix for CVE-2017-15023
affects: <= 2.29.1
Signed-off-by: Armin Kuster <akuster@mvista.com>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.29.1.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-15023.patch | 52 |
2 files changed, 53 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.29.1.inc b/meta/recipes-devtools/binutils/binutils-2.29.1.inc index 191d8e1255..caff121b75 100644 --- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc +++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc @@ -46,6 +46,7 @@ SRC_URI = "\ file://CVE-2017-14940.patch \ file://CVE-2017-15021.patch \ file://CVE-2017-15022.patch \ + file://CVE-2017-15023.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15023.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15023.patch new file mode 100644 index 0000000000..9439b7b55f --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15023.patch @@ -0,0 +1,52 @@ +From c361faae8d964db951b7100cada4dcdc983df1bf Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Mon, 25 Sep 2017 19:03:46 +0930 +Subject: [PATCH] PR22200, DWARF5 .debug_line sanity check + +The format_count entry can't be zero unless the count is also zero. + + PR 22200 + * dwarf2.c (read_formatted_entries): Error on format_count zero. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-15023 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 5 +++++ + bfd/dwarf2.c | 7 +++++++ + 2 files changed, 12 insertions(+) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -1934,6 +1934,13 @@ read_formatted_entries (struct comp_unit + data_count = _bfd_safe_read_leb128 (abfd, buf, &bytes_read, FALSE, buf_end); + buf += bytes_read; + ++ if (format_count == 0 && data_count != 0) ++ { ++ _bfd_error_handler (_("Dwarf Error: Zero format count.")); ++ bfd_set_error (bfd_error_bad_value); ++ return FALSE; ++ } ++ + /* PR 22210. Paranoia check. Don't bother running the loop + if we know that we are going to run out of buffer. */ + if (data_count > (bfd_vma) (buf_end - buf)) +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,4 +1,9 @@ + 2017-09-25 Alan Modra <amodra@gmail.com> ++ ++ PR 22200 ++ * dwarf2.c (read_formatted_entries): Error on format_count zero. ++ ++2017-09-25 Alan Modra <amodra@gmail.com> + + PR 22201 + * dwarf2.c (scan_unit_for_symbols): Ignore DW_AT_name unless it |