[oe-commits] [openembedded-core] 24/65: binutls: Security fix for CVE-2017-15023
git at git.openembedded.org
git at git.openembedded.org
Wed Aug 15 09:23:28 UTC 2018
This is an automated email from the git hooks/post-receive script.
rpurdie pushed a commit to branch rocko
in repository openembedded-core.
commit 755fd4e68af4cdafc482c02b7822cc06215da4fb
Author: Armin Kuster <akuster at mvista.com>
AuthorDate: Mon Aug 6 18:53:37 2018 -0700
binutls: Security fix for CVE-2017-15023
affects: <= 2.29.1
Signed-off-by: Armin Kuster <akuster at mvista.com>
---
meta/recipes-devtools/binutils/binutils-2.29.1.inc | 1 +
.../binutils/binutils/CVE-2017-15023.patch | 52 ++++++++++++++++++++++
2 files changed, 53 insertions(+)
diff --git a/meta/recipes-devtools/binutils/binutils-2.29.1.inc b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
index 191d8e1..caff121 100644
--- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
@@ -46,6 +46,7 @@ SRC_URI = "\
file://CVE-2017-14940.patch \
file://CVE-2017-15021.patch \
file://CVE-2017-15022.patch \
+ file://CVE-2017-15023.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15023.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15023.patch
new file mode 100644
index 0000000..9439b7b
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15023.patch
@@ -0,0 +1,52 @@
+From c361faae8d964db951b7100cada4dcdc983df1bf Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra at gmail.com>
+Date: Mon, 25 Sep 2017 19:03:46 +0930
+Subject: [PATCH] PR22200, DWARF5 .debug_line sanity check
+
+The format_count entry can't be zero unless the count is also zero.
+
+ PR 22200
+ * dwarf2.c (read_formatted_entries): Error on format_count zero.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-15023
+Signed-off-by: Armin Kuster <akuster at mvista.com>
+
+---
+ bfd/ChangeLog | 5 +++++
+ bfd/dwarf2.c | 7 +++++++
+ 2 files changed, 12 insertions(+)
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
++++ git/bfd/dwarf2.c
+@@ -1934,6 +1934,13 @@ read_formatted_entries (struct comp_unit
+ data_count = _bfd_safe_read_leb128 (abfd, buf, &bytes_read, FALSE, buf_end);
+ buf += bytes_read;
+
++ if (format_count == 0 && data_count != 0)
++ {
++ _bfd_error_handler (_("Dwarf Error: Zero format count."));
++ bfd_set_error (bfd_error_bad_value);
++ return FALSE;
++ }
++
+ /* PR 22210. Paranoia check. Don't bother running the loop
+ if we know that we are going to run out of buffer. */
+ if (data_count > (bfd_vma) (buf_end - buf))
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,4 +1,9 @@
+ 2017-09-25 Alan Modra <amodra at gmail.com>
++
++ PR 22200
++ * dwarf2.c (read_formatted_entries): Error on format_count zero.
++
++2017-09-25 Alan Modra <amodra at gmail.com>
+
+ PR 22201
+ * dwarf2.c (scan_unit_for_symbols): Ignore DW_AT_name unless it
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list