diff options
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/0027-CVE-2022-47008.patch')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/0027-CVE-2022-47008.patch | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/0027-CVE-2022-47008.patch b/meta/recipes-devtools/binutils/binutils/0027-CVE-2022-47008.patch new file mode 100644 index 0000000000..a3fff65409 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0027-CVE-2022-47008.patch @@ -0,0 +1,67 @@ +From: Alan Modra <amodra@gmail.com> +Date: Thu, 16 Jun 2022 23:43:38 +0000 (+0930) +Subject: PR29255, memory leak in make_tempdir +X-Git-Tag: binutils-2_39~236 +X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=d6e1d48c83b165c129cb0aa78905f7ca80a1f682 + +PR29255, memory leak in make_tempdir + + PR 29255 + * bucomm.c (make_tempdir, make_tempname): Free template on all + failure paths. + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=d6e1d48c83b165c129cb0aa78905f7ca80a1f682] + +CVE: CVE-2022-47008 + +Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> + +--- + +diff --git a/binutils/bucomm.c b/binutils/bucomm.c +index fdc2209df9c..4395cb9f7f5 100644 +--- a/binutils/bucomm.c ++++ b/binutils/bucomm.c +@@ -537,8 +537,9 @@ make_tempname (const char *filename, int *ofd) + #else + tmpname = mktemp (tmpname); + if (tmpname == NULL) +- return NULL; +- fd = open (tmpname, O_RDWR | O_CREAT | O_EXCL, 0600); ++ fd = -1; ++ else ++ fd = open (tmpname, O_RDWR | O_CREAT | O_EXCL, 0600); + #endif + if (fd == -1) + { +@@ -556,22 +557,23 @@ char * + make_tempdir (const char *filename) + { + char *tmpname = template_in_dir (filename); ++ char *ret; + + #ifdef HAVE_MKDTEMP +- return mkdtemp (tmpname); ++ ret = mkdtemp (tmpname); + #else +- tmpname = mktemp (tmpname); +- if (tmpname == NULL) +- return NULL; ++ ret = mktemp (tmpname); + #if defined (_WIN32) && !defined (__CYGWIN32__) + if (mkdir (tmpname) != 0) +- return NULL; ++ ret = NULL; + #else + if (mkdir (tmpname, 0700) != 0) +- return NULL; ++ ret = NULL; + #endif +- return tmpname; + #endif ++ if (ret == NULL) ++ free (tmpname); ++ return ret; + } + + /* Parse a string into a VMA, with a fatal error if it can't be |