blob: caca7b107ead4d7dc00ee5e7ed12ae59416ce9ad (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
From 52b36c51e5bf6d7600fdc6ba115b170b0e78e31d Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Sun, 24 Sep 2017 21:36:18 +0930
Subject: [PATCH] PR22197, buffer overflow in bfd_get_debug_link_info_1
PR 22197
* opncls.c (bfd_get_debug_link_info_1): Properly check that crc is
within section bounds.
Upstream-Status: Backport
Affects: <= 2.29.1
CVE: CVE-2017-15021
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
bfd/ChangeLog | 6 ++++++
bfd/opncls.c | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)
Index: git/bfd/opncls.c
===================================================================
--- git.orig/bfd/opncls.c
+++ git/bfd/opncls.c
@@ -1200,7 +1200,7 @@ bfd_get_debug_link_info_1 (bfd *abfd, vo
/* PR 17597: avoid reading off the end of the buffer. */
crc_offset = strnlen (name, bfd_get_section_size (sect)) + 1;
crc_offset = (crc_offset + 3) & ~3;
- if (crc_offset >= bfd_get_section_size (sect))
+ if (crc_offset + 4 > bfd_get_section_size (sect))
return NULL;
*crc32 = bfd_get_32 (abfd, contents + crc_offset);
Index: git/bfd/ChangeLog
===================================================================
--- git.orig/bfd/ChangeLog
+++ git/bfd/ChangeLog
@@ -1,5 +1,11 @@
2017-09-24 Alan Modra <amodra@gmail.com>
+ PR 22197
+ * opncls.c (bfd_get_debug_link_info_1): Properly check that crc is
+ within section bounds.
+
+2017-09-24 Alan Modra <amodra@gmail.com>
+
PR 22167
* dwarf2.c (scan_unit_for_symbols): Check u.blk->data is non-NULL.
|