[oe-commits] [openembedded-core] 34/65: binutls: Security fix for CVE-2017-16830
git at git.openembedded.org
git at git.openembedded.org
Wed Aug 15 09:23:38 UTC 2018
This is an automated email from the git hooks/post-receive script.
rpurdie pushed a commit to branch rocko
in repository openembedded-core.
commit 29c6da2092599145e5a4f00ccc6029f31ec724da
Author: Armin Kuster <akuster at mvista.com>
AuthorDate: Tue Aug 7 16:06:49 2018 -0700
binutls: Security fix for CVE-2017-16830
Affects: <= 2.29.1
Signed-off-by: Armin Kuster <akuster at mvista.com>
---
meta/recipes-devtools/binutils/binutils-2.29.1.inc | 1 +
.../binutils/binutils/CVE-2017-16830.patch | 91 ++++++++++++++++++++++
2 files changed, 92 insertions(+)
diff --git a/meta/recipes-devtools/binutils/binutils-2.29.1.inc b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
index 7966cc3..4191482 100644
--- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
@@ -57,6 +57,7 @@ SRC_URI = "\
file://CVE-2017-16828_p1.patch \
file://CVE-2017-16828_p2.patch \
file://CVE-2017-16829.patch \
+ file://CVE-2017-16830.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16830.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16830.patch
new file mode 100644
index 0000000..1382c8e
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16830.patch
@@ -0,0 +1,91 @@
+From 6ab2c4ed51f9c4243691755e1b1d2149c6a426f4 Mon Sep 17 00:00:00 2001
+From: Mingi Cho <mgcho.minic at gmail.com>
+Date: Thu, 2 Nov 2017 17:01:08 +0000
+Subject: [PATCH] Work around integer overflows when readelf is checking for
+ corrupt ELF notes when run on a 32-bit host.
+
+ PR 22384
+ * readelf.c (print_gnu_property_note): Improve overflow checks so
+ that they will work on a 32-bit host.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-16830
+Signed-off-by: Armin Kuster <akuster at mvista.com>
+
+---
+ binutils/ChangeLog | 6 ++++++
+ binutils/readelf.c | 33 +++++++++++++++++----------------
+ 2 files changed, 23 insertions(+), 16 deletions(-)
+
+Index: git/binutils/readelf.c
+===================================================================
+--- git.orig/binutils/readelf.c
++++ git/binutils/readelf.c
+@@ -16431,15 +16431,24 @@ print_gnu_property_note (Elf_Internal_No
+ return;
+ }
+
+- while (1)
++ while (ptr < ptr_end)
+ {
+ unsigned int j;
+- unsigned int type = byte_get (ptr, 4);
+- unsigned int datasz = byte_get (ptr + 4, 4);
++ unsigned int type;
++ unsigned int datasz;
++
++ if ((size_t) (ptr_end - ptr) < 8)
++ {
++ printf (_("<corrupt descsz: %#lx>\n"), pnote->descsz);
++ break;
++ }
++
++ type = byte_get (ptr, 4);
++ datasz = byte_get (ptr + 4, 4);
+
+ ptr += 8;
+
+- if ((ptr + datasz) > ptr_end)
++ if (datasz > (size_t) (ptr_end - ptr))
+ {
+ printf (_("<corrupt type (%#x) datasz: %#x>\n"),
+ type, datasz);
+@@ -16520,19 +16529,11 @@ next:
+ ptr += ((datasz + (size - 1)) & ~ (size - 1));
+ if (ptr == ptr_end)
+ break;
+- else
+- {
+- if (do_wide)
+- printf (", ");
+- else
+- printf ("\n\t");
+- }
+
+- if (ptr > (ptr_end - 8))
+- {
+- printf (_("<corrupt descsz: %#lx>\n"), pnote->descsz);
+- break;
+- }
++ if (do_wide)
++ printf (", ");
++ else
++ printf ("\n\t");
+ }
+
+ printf ("\n");
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog
++++ git/binutils/ChangeLog
+@@ -1,3 +1,9 @@
++2017-11-02 Mingi Cho <mgcho.minic at gmail.com>
++
++ PR 22384
++ * readelf.c (print_gnu_property_note): Improve overflow checks so
++ that they will work on a 32-bit host.
++
+ 2017-10-05 Alan Modra <amodra at gmail.com>
+
+ PR 22239
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list