[oe-commits] [openembedded-core] 09/10: binutils: fix CVE-2017-7209 in readelf
git at git.openembedded.org
git at git.openembedded.org
Mon Jun 5 22:30:50 UTC 2017
This is an automated email from the git hooks/post-receive script.
rpurdie pushed a commit to branch pyro
in repository openembedded-core.
commit b262000162cb4e18421dd85bf5216c9fa3bdbf15
Author: Yuanjie Huang <yuanjie.huang at windriver.com>
AuthorDate: Thu May 25 19:40:40 2017 -0700
binutils: fix CVE-2017-7209 in readelf
CVE: CVE-2017-7209
[BZ 21135] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21135
PR binutils/21135: Fix invalid read of section contents whilst processing
a corrupt binary.
(From OE-Core rev: 2df642ca0a1e4a4e6616729018cf32d2108cabb2)
Signed-off-by: Yuanjie Huang <yuanjie.huang at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
---
meta/recipes-devtools/binutils/binutils-2.28.inc | 1 +
.../binutils/binutils/CVE-2017-7209.patch | 62 ++++++++++++++++++++++
2 files changed, 63 insertions(+)
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc b/meta/recipes-devtools/binutils/binutils-2.28.inc
index 75eca32..ed571b3 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -41,6 +41,7 @@ SRC_URI = "\
file://0018-PR-21409-segfault-in-_bfd_dwarf2_find_nearest_line.patch \
file://CVE-2017-6969.patch \
file://CVE-2017-6969_2.patch \
+ file://CVE-2017-7209.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7209.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7209.patch
new file mode 100644
index 0000000..2357a12
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7209.patch
@@ -0,0 +1,62 @@
+From b2706ceadac7239e7b02d43f05100fc6538b0d65 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc at redhat.com>
+Date: Mon, 13 Feb 2017 15:04:37 +0000
+Subject: Fix invalid read of section contents whilst processing a corrupt binary.
+
+ PR binutils/21135
+ * readelf.c (dump_section_as_bytes): Handle the case where
+ uncompress_section_contents returns false.
+
+CVE: CVE-2017-7209
+Upstream-Status: Backport[master]
+
+Signed-off-by: Yuanjie Huang <yuanjie.huang at windriver.com>
+---
+ binutils/ChangeLog | 6 ++++++
+ binutils/readelf.c | 16 ++++++++++++----
+ 2 files changed, 18 insertions(+), 4 deletions(-)
+
+diff --git a/binutils/ChangeLog b/binutils/ChangeLog
+index 53352c1801..cf92744c12 100644
+--- a/binutils/ChangeLog
++++ b/binutils/ChangeLog
+@@ -1,3 +1,9 @@
++2017-02-13 Nick Clifton <nickc at redhat.com>
++
++ PR binutils/21135
++ * readelf.c (dump_section_as_bytes): Handle the case where
++ uncompress_section_contents returns false.
++
+ 2017-02-20 Nick Clifton <nickc at redhat.com>
+
+ PR binutils/21156
+diff --git a/binutils/readelf.c b/binutils/readelf.c
+index 4960491c5c..f0e7b080e8 100644
+--- a/binutils/readelf.c
++++ b/binutils/readelf.c
+@@ -12803,10 +12803,18 @@ dump_section_as_bytes (Elf_Internal_Shdr * section,
+ new_size -= 12;
+ }
+
+- if (uncompressed_size
+- && uncompress_section_contents (& start, uncompressed_size,
+- & new_size))
+- section_size = new_size;
++ if (uncompressed_size)
++ {
++ if (uncompress_section_contents (& start, uncompressed_size,
++ & new_size))
++ section_size = new_size;
++ else
++ {
++ error (_("Unable to decompress section %s\n"),
++ printable_section_name (section));
++ return;
++ }
++ }
+ }
+
+ if (relocate)
+--
+2.11.0
+
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list