aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch
blob: 7969c66f304dfba29220087936feee878282c9d1 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
From 39ff1b79f687b65f4144ddb379f22587003443fb Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Tue, 2 May 2017 11:54:53 +0100
Subject: [PATCH] Prevent memory exhaustion from a corrupt PE binary with an
 overlarge number of relocs.

	PR 21440
	* objdump.c (dump_relocs_in_section): Check for an excessive
	number of relocs before attempting to dump them.

Upstream-Status: Backport
CVE: CVE-2017-8421
Signed-off-by: Armin Kuster <akuster@mvista.com>

---
 binutils/ChangeLog | 6 ++++++
 binutils/objdump.c | 8 ++++++++
 2 files changed, 14 insertions(+)

Index: git/binutils/objdump.c
===================================================================
--- git.orig/binutils/objdump.c
+++ git/binutils/objdump.c
@@ -3311,6 +3311,14 @@ dump_relocs_in_section (bfd *abfd,
       return;
     }
 
+  if ((bfd_get_file_flags (abfd) & (BFD_IN_MEMORY | BFD_LINKER_CREATED)) == 0
+      && relsize > get_file_size (bfd_get_filename (abfd)))
+    {
+      printf (" (too many: 0x%x)\n", section->reloc_count);
+      bfd_set_error (bfd_error_file_truncated);
+      bfd_fatal (bfd_get_filename (abfd));
+    }
+
   relpp = (arelent **) xmalloc (relsize);
   relcount = bfd_canonicalize_reloc (abfd, section, relpp, syms);
 
Index: git/binutils/ChangeLog
===================================================================
--- git.orig/binutils/ChangeLog
+++ git/binutils/ChangeLog
@@ -1,3 +1,9 @@
+2017-05-02  Nick Clifton  <nickc@redhat.com>
+
+       PR 21440
+       * objdump.c (dump_relocs_in_section): Check for an excessive
+       number of relocs before attempting to dump them.
+
 2017-04-28  Nick Clifton  <nickc@redhat.com>
 
        PR binutils/21438