diff options
author | Thiruvadi Rajaraman <trajaraman@mvista.com> | 2017-09-04 16:34:32 +0530 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-01-07 17:09:45 +0000 |
commit | 315608a626f9e21d198d1600ded69114ac1e16d1 (patch) | |
tree | 101a1f9f5acacbc904dfe6ac2e863a3c2bed0339 /meta/recipes-devtools/binutils | |
parent | 650a5b69c4ae7cf91d13993225877d0187bcb65e (diff) | |
download | openembedded-core-315608a626f9e21d198d1600ded69114ac1e16d1.tar.gz |
binutils: CVE-2017-7301
Source: git://sourceware.org/git/binutils-gdb.git
MR: 74231
Type: Security Fix
Disposition: Backport from binutils-2_28-branch
ChangeID: 1fbae9f71e3ad90f930f8b25d550de964e05c259
Description:
Fix seg-fault in linker parsing a corrupt input file.
PR ld/20924
(aout_link_add_symbols): Fix off by one error checking for
overflow of string offset.
Affects: <= 2.28
Author: Nick Clifton <nickc@redhat.com>
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta/recipes-devtools/binutils')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.27.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-7301.patch | 52 |
2 files changed, 53 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc index 54cdcc7bb5..59e46b8bf4 100644 --- a/meta/recipes-devtools/binutils/binutils-2.27.inc +++ b/meta/recipes-devtools/binutils/binutils-2.27.inc @@ -63,6 +63,7 @@ SRC_URI = "\ file://CVE-2017-7224.patch \ file://CVE-2017-7225.patch \ file://CVE-2017-7227.patch \ + file://CVE-2017-7301.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7301.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7301.patch new file mode 100644 index 0000000000..36b4259fde --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7301.patch @@ -0,0 +1,52 @@ +commit daae68f4f372e0618d6b9c64ec0f1f74eae6ab3d +Author: Nick Clifton <nickc@redhat.com> +Date: Mon Dec 5 12:25:34 2016 +0000 + + Fix seg-fault in linker parsing a corrupt input file. + + PR ld/20924 + (aout_link_add_symbols): Fix off by one error checking for + overflow of string offset. + +Upstream-Status: Backport + +CVE: CVE-2017-7301 +Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> + +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog 2017-09-04 15:42:15.244812577 +0530 ++++ git/bfd/ChangeLog 2017-09-04 15:51:36.573466525 +0530 +@@ -120,6 +120,10 @@ + * peicode.h (pe_ILF_object_p): Use strnlen to avoid running over + the end of the string buffer. + ++ PR ld/20924 ++ (aout_link_add_symbols): Fix off by one error checking for ++ overflow of string offset. ++ + 2016-12-01 Nick Clifton <nickc@redhat.com> + + PR binutils/20891 +Index: git/bfd/aoutx.h +=================================================================== +--- git.orig/bfd/aoutx.h 2017-09-04 15:42:15.244812577 +0530 ++++ git/bfd/aoutx.h 2017-09-04 15:49:36.500479341 +0530 +@@ -3091,7 +3091,7 @@ + BFD_ASSERT (p + 1 < pend); + ++p; + /* PR 19629: Corrupt binaries can contain illegal string offsets. */ +- if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd)) ++ if (GET_WORD (abfd, p->e_strx) >= obj_aout_external_string_size (abfd)) + return FALSE; + string = strings + GET_WORD (abfd, p->e_strx); + section = bfd_ind_section_ptr; +@@ -3127,7 +3127,7 @@ + ++p; + string = name; + /* PR 19629: Corrupt binaries can contain illegal string offsets. */ +- if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd)) ++ if (GET_WORD (abfd, p->e_strx) >= obj_aout_external_string_size (abfd)) + return FALSE; + name = strings + GET_WORD (abfd, p->e_strx); + section = bfd_und_section_ptr; |