[oe-commits] [openembedded-core] 19/65: binutls: Security fix for CVE-2017-14938
git at git.openembedded.org
git at git.openembedded.org
Wed Aug 15 09:23:23 UTC 2018
This is an automated email from the git hooks/post-receive script.
rpurdie pushed a commit to branch rocko
in repository openembedded-core.
commit 45de3690367c8e0adf443a2f2630ecf8791789d6
Author: Armin Kuster <akuster at mvista.com>
AuthorDate: Mon Aug 6 14:16:09 2018 -0700
binutls: Security fix for CVE-2017-14938
Affects: <= 2.29.1
Signed-off-by: Armin Kuster <akuster at mvista.com>
---
meta/recipes-devtools/binutils/binutils-2.29.1.inc | 1 +
.../binutils/binutils/CVE-2017-14938.patch | 64 ++++++++++++++++++++++
2 files changed, 65 insertions(+)
diff --git a/meta/recipes-devtools/binutils/binutils-2.29.1.inc b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
index 1962f5c..c7c755f 100644
--- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
@@ -41,6 +41,7 @@ SRC_URI = "\
file://CVE-2017-14933_p1.patch \
file://CVE-2017-14933_p2.patch \
file://CVE-2017-14934.patch \
+ file://CVE-2017-14938.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14938.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14938.patch
new file mode 100644
index 0000000..e62c73c
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14938.patch
@@ -0,0 +1,64 @@
+From bd61e135492ecf624880e6b78e5fcde3c9716df6 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra at gmail.com>
+Date: Sun, 24 Sep 2017 14:34:57 +0930
+Subject: [PATCH] PR22166, SHT_GNU_verneed memory allocation
+
+The sanity check covers the previous minimim size, plus that the size
+is at least enough for sh_info verneed entries.
+
+Also, since we write all verneed fields or exit with an error, there
+isn't any need to zero the memory allocated for verneed entries.
+
+ PR 22166
+ * elf.c (_bfd_elf_slurp_version_tables): Test sh_info on
+ SHT_GNU_verneed section for sanity. Don't zalloc memory for
+ verref.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-14938
+Signed-off-by: Armin Kuster <akuster at mvista.com>
+
+---
+ bfd/ChangeLog | 7 +++++++
+ bfd/elf.c | 5 +++--
+ 2 files changed, 10 insertions(+), 2 deletions(-)
+
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c
++++ git/bfd/elf.c
+@@ -8198,7 +8198,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd
+
+ hdr = &elf_tdata (abfd)->dynverref_hdr;
+
+- if (hdr->sh_info == 0 || hdr->sh_size < sizeof (Elf_External_Verneed))
++ if (hdr->sh_info == 0
++ || hdr->sh_info > hdr->sh_size / sizeof (Elf_External_Verneed))
+ {
+ error_return_bad_verref:
+ _bfd_error_handler
+@@ -8219,7 +8220,7 @@ error_return_verref:
+ goto error_return_verref;
+
+ elf_tdata (abfd)->verref = (Elf_Internal_Verneed *)
+- bfd_zalloc2 (abfd, hdr->sh_info, sizeof (Elf_Internal_Verneed));
++ bfd_alloc2 (abfd, hdr->sh_info, sizeof (Elf_Internal_Verneed));
+
+ if (elf_tdata (abfd)->verref == NULL)
+ goto error_return_verref;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,10 @@
++2017-09-24 Alan Modra <amodra at gmail.com>
++
++ PR 22166
++ * elf.c (_bfd_elf_slurp_version_tables): Test sh_info on
++ SHT_GNU_verneed section for sanity. Don't zalloc memory for
++ verref.
++
+ 2017-09-26 Alan Modra <amodra at gmail.com>
+
+ PR 22210
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list