diff options
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/CVE-2022-47008.patch')
| -rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2022-47008.patch | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2022-47008.patch b/meta/recipes-devtools/binutils/binutils/CVE-2022-47008.patch new file mode 100644 index 0000000000..9527390ccf --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-47008.patch @@ -0,0 +1,64 @@ +From d6e1d48c83b165c129cb0aa78905f7ca80a1f682 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Fri, 17 Jun 2022 09:13:38 +0930 +Subject: [PATCH] PR29255, memory leak in make_tempdir + + PR 29255 + * bucomm.c (make_tempdir, make_tempname): Free template on all + failure paths. +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=d6e1d48c83b165c129cb0aa78905f7ca80a1f682] +CVE: CVE-2022-47008 +Signed-off-by: Virendra Thakur <virendrak@kpit.com> +Comment: Patch refreshed based on codebase. +--- + binutils/bucomm.c | 20 +++++++++++--------- + 1 file changed, 11 insertions(+), 9 deletions(-) + +diff --git a/binutils/bucomm.c b/binutils/bucomm.c +index fdc2209df9c..4395cb9f7f5 100644 +--- a/binutils/bucomm.c ++++ b/binutils/bucomm.c +@@ -542,8 +542,9 @@ + #else + tmpname = mktemp (tmpname); + if (tmpname == NULL) +- return NULL; +- fd = open (tmpname, O_RDWR | O_CREAT | O_EXCL, 0600); ++ fd = -1; ++ else ++ fd = open (tmpname, O_RDWR | O_CREAT | O_EXCL, 0600); + #endif + if (fd == -1) + { +@@ -561,22 +562,23 @@ + make_tempdir (const char *filename) + { + char *tmpname = template_in_dir (filename); ++ char *ret; + + #ifdef HAVE_MKDTEMP +- return mkdtemp (tmpname); ++ ret = mkdtemp (tmpname); + #else +- tmpname = mktemp (tmpname); +- if (tmpname == NULL) +- return NULL; ++ ret = mktemp (tmpname); + #if defined (_WIN32) && !defined (__CYGWIN32__) + if (mkdir (tmpname) != 0) +- return NULL; ++ ret = NULL; + #else + if (mkdir (tmpname, 0700) != 0) +- return NULL; ++ ret = NULL; + #endif +- return tmpname; + #endif ++ if (ret == NULL) ++ free (tmpname); ++ return ret; + } + + /* Parse a string into a VMA, with a fatal error if it can't be + |