diff options
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-7301.patch | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7301.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7301.patch new file mode 100644 index 0000000000..36b4259fde --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7301.patch @@ -0,0 +1,52 @@ +commit daae68f4f372e0618d6b9c64ec0f1f74eae6ab3d +Author: Nick Clifton <nickc@redhat.com> +Date: Mon Dec 5 12:25:34 2016 +0000 + + Fix seg-fault in linker parsing a corrupt input file. + + PR ld/20924 + (aout_link_add_symbols): Fix off by one error checking for + overflow of string offset. + +Upstream-Status: Backport + +CVE: CVE-2017-7301 +Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> + +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog 2017-09-04 15:42:15.244812577 +0530 ++++ git/bfd/ChangeLog 2017-09-04 15:51:36.573466525 +0530 +@@ -120,6 +120,10 @@ + * peicode.h (pe_ILF_object_p): Use strnlen to avoid running over + the end of the string buffer. + ++ PR ld/20924 ++ (aout_link_add_symbols): Fix off by one error checking for ++ overflow of string offset. ++ + 2016-12-01 Nick Clifton <nickc@redhat.com> + + PR binutils/20891 +Index: git/bfd/aoutx.h +=================================================================== +--- git.orig/bfd/aoutx.h 2017-09-04 15:42:15.244812577 +0530 ++++ git/bfd/aoutx.h 2017-09-04 15:49:36.500479341 +0530 +@@ -3091,7 +3091,7 @@ + BFD_ASSERT (p + 1 < pend); + ++p; + /* PR 19629: Corrupt binaries can contain illegal string offsets. */ +- if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd)) ++ if (GET_WORD (abfd, p->e_strx) >= obj_aout_external_string_size (abfd)) + return FALSE; + string = strings + GET_WORD (abfd, p->e_strx); + section = bfd_ind_section_ptr; +@@ -3127,7 +3127,7 @@ + ++p; + string = name; + /* PR 19629: Corrupt binaries can contain illegal string offsets. */ +- if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd)) ++ if (GET_WORD (abfd, p->e_strx) >= obj_aout_external_string_size (abfd)) + return FALSE; + name = strings + GET_WORD (abfd, p->e_strx); + section = bfd_und_section_ptr; |