diff options
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.29.1.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2018-6323.patch | 55 |
2 files changed, 56 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.29.1.inc b/meta/recipes-devtools/binutils/binutils-2.29.1.inc index 2f9b4fee02..db7305a954 100644 --- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc +++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc @@ -70,6 +70,7 @@ SRC_URI = "\ file://CVE-2018-10534.patch \ file://CVE-2018-10535.patch \ file://CVE-2018-13033.patch \ + file://CVE-2018-6323.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-6323.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-6323.patch new file mode 100644 index 0000000000..2c6b1b2427 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-6323.patch @@ -0,0 +1,55 @@ +From 38e64b0ecc7f4ee64a02514b8d532782ac057fa2 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Thu, 25 Jan 2018 21:47:41 +1030 +Subject: [PATCH] PR22746, crash when running 32-bit objdump on corrupted file + +Avoid unsigned int overflow by performing bfd_size_type multiplication. + + PR 22746 + * elfcode.h (elf_object_p): Avoid integer overflow. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2018-6323 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 5 +++++ + bfd/elfcode.h | 4 ++-- + 2 files changed, 7 insertions(+), 2 deletions(-) + +Index: git/bfd/elfcode.h +=================================================================== +--- git.orig/bfd/elfcode.h ++++ git/bfd/elfcode.h +@@ -680,7 +680,7 @@ elf_object_p (bfd *abfd) + if (i_ehdrp->e_shnum > ((bfd_size_type) -1) / sizeof (*i_shdrp)) + goto got_wrong_format_error; + #endif +- amt = sizeof (*i_shdrp) * i_ehdrp->e_shnum; ++ amt = sizeof (*i_shdrp) * (bfd_size_type) i_ehdrp->e_shnum; + i_shdrp = (Elf_Internal_Shdr *) bfd_alloc (abfd, amt); + if (!i_shdrp) + goto got_no_match; +@@ -776,7 +776,7 @@ elf_object_p (bfd *abfd) + if (i_ehdrp->e_phnum > ((bfd_size_type) -1) / sizeof (*i_phdr)) + goto got_wrong_format_error; + #endif +- amt = i_ehdrp->e_phnum * sizeof (*i_phdr); ++ amt = (bfd_size_type) i_ehdrp->e_phnum * sizeof (*i_phdr); + elf_tdata (abfd)->phdr = (Elf_Internal_Phdr *) bfd_alloc (abfd, amt); + if (elf_tdata (abfd)->phdr == NULL) + goto got_no_match; +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,8 @@ ++2018-01-25 Alan Modra <amodra@gmail.com> ++ ++ PR 22746 ++ * elfcode.h (elf_object_p): Avoid integer overflow. ++ + 2018-05-08 Nick Clifton <nickc@redhat.com> + + PR 22809 |