Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/CVE-2019-12972.patch')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2019-12972.patch | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-12972.patch b/meta/recipes-devtools/binutils/binutils/CVE-2019-12972.patch
new file mode 100644
index 0000000000..07d1d65467
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-12972.patch
@@ -0,0 +1,51 @@
+From 30bcc01478433a1cb05b36dc5c4beef7d2c89b5b Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Fri, 21 Jun 2019 11:51:38 +0930
+Subject: [PATCH] PR24689, string table corruption
+
+The testcase in the PR had a e_shstrndx section of type SHT_GROUP.
+hdr->contents were initialized by setup_group rather than being read
+from the file, thus last byte was not zero and string dereference ran
+off the end of the buffer.
+
+ PR 24689
+ * elfcode.h (elf_object_p): Check type of e_shstrndx section.
+
+Upstream-Status: Backport
+CVE: CVE-2019-12972
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ bfd/ChangeLog | 5 +++++
+ bfd/elfcode.h | 3 ++-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/ChangeLog b/bfd/ChangeLog
+index 91f09e6346..e66fb40a2c 100644
+--- a/bfd/ChangeLog
++++ b/bfd/ChangeLog
+@@ -1,3 +1,8 @@
++2019-06-21 Alan Modra <amodra@gmail.com>
++
++ PR 24689
++ * elfcode.h (elf_object_p): Check type of e_shstrndx section.
++
+ 2019-02-20 Alan Modra <amodra@gmail.com>
+
+ PR 24236
+diff --git a/bfd/elfcode.h b/bfd/elfcode.h
+index ec5ea766de..a35a629087 100644
+--- a/bfd/elfcode.h
++++ b/bfd/elfcode.h
+@@ -755,7 +755,8 @@ elf_object_p (bfd *abfd)
+ /* A further sanity check. */
+ if (i_ehdrp->e_shnum != 0)
+ {
+- if (i_ehdrp->e_shstrndx >= elf_numsections (abfd))
++ if (i_ehdrp->e_shstrndx >= elf_numsections (abfd)
++ || i_shdrp[i_ehdrp->e_shstrndx].sh_type != SHT_STRTAB)
+ {
+ /* PR 2257:
+ We used to just goto got_wrong_format_error here
+--
+2.20.1
+ |
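Review bot: The `Upstream-Status: Backport` trailer in the added patch header names no upstream repository, commit or URL, so someone auditing the recipe cannot check this CVE-2019-12972 fix against its origin without searching for it; the `From 30bcc014…` line carries a hash but does not say which tree it belongs to. I would write it as `Upstream-Status: Backport [<upstream binutils commit URL>]` (placeholder, since the page gives no URL). The diffstat on this page is limited to the patch file itself, so whether the binutils recipe also adds it to `SRC_URI` is not visible here and should be confirmed, because a patch file that is not listed there is not applied at build time. In the embedded elfcode.h hunk the new `sh_type != SHT_STRTAB` test indexes `i_shdrp` only after the `e_shstrndx` bounds check in the same `||`, which is the right order; elf_object_p's body continues outside that hunk.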