[oe-commits] [openembedded-core] 36/65: binutls: Security fix for CVE-2017-16832
git at git.openembedded.org
git at git.openembedded.org
Wed Aug 15 09:23:40 UTC 2018
This is an automated email from the git hooks/post-receive script.
rpurdie pushed a commit to branch rocko
in repository openembedded-core.
commit ec8861a2f280a3210f9423fd1b687bca6340b8ca
Author: Armin Kuster <akuster at mvista.com>
AuthorDate: Tue Aug 7 16:22:27 2018 -0700
binutls: Security fix for CVE-2017-16832
Affects: <= 2.29.1
Signed-off-by: Armin Kuster <akuster at mvista.com>
---
meta/recipes-devtools/binutils/binutils-2.29.1.inc | 1 +
.../binutils/binutils/CVE-2017-16832.patch | 61 ++++++++++++++++++++++
2 files changed, 62 insertions(+)
diff --git a/meta/recipes-devtools/binutils/binutils-2.29.1.inc b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
index d5db6e8..6611fdc 100644
--- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
@@ -59,6 +59,7 @@ SRC_URI = "\
file://CVE-2017-16829.patch \
file://CVE-2017-16830.patch \
file://CVE-2017-16831.patch \
+ file://CVE-2017-16832.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16832.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16832.patch
new file mode 100644
index 0000000..9044bcc
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16832.patch
@@ -0,0 +1,61 @@
+From 0bb6961f18b8e832d88b490d421ca56cea16c45b Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc at redhat.com>
+Date: Tue, 31 Oct 2017 14:29:40 +0000
+Subject: [PATCH] Fix illegal memory access triggered when parsing a PE binary
+ with a corrupt data dictionary.
+
+ PR 22373
+ * peicode.h (pe_bfd_read_buildid): Check for invalid size and data
+ offset values.
+
+Upstrem-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-16832
+Signed-off-by: Armin Kuster <akuster at mvista.com>
+
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/peicode.h | 9 ++++++---
+ 2 files changed, 12 insertions(+), 3 deletions(-)
+
+Index: git/bfd/peicode.h
+===================================================================
+--- git.orig/bfd/peicode.h
++++ git/bfd/peicode.h
+@@ -1303,7 +1303,6 @@ pe_bfd_read_buildid (bfd *abfd)
+ bfd_byte *data = 0;
+ bfd_size_type dataoff;
+ unsigned int i;
+-
+ bfd_vma addr = extra->DataDirectory[PE_DEBUG_DATA].VirtualAddress;
+ bfd_size_type size = extra->DataDirectory[PE_DEBUG_DATA].Size;
+
+@@ -1327,8 +1326,12 @@ pe_bfd_read_buildid (bfd *abfd)
+
+ dataoff = addr - section->vma;
+
+- /* PR 20605: Make sure that the data is really there. */
+- if (dataoff + size > section->size)
++ /* PR 20605 and 22373: Make sure that the data is really there.
++ Note - since we are dealing with unsigned quantities we have
++ to be careful to check for potential overflows. */
++ if (dataoff > section->size
++ || size > section->size
++ || dataoff + size > section->size)
+ {
+ _bfd_error_handler (_("%B: Error: Debug Data ends beyond end of debug directory."),
+ abfd);
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2017-10-31 Nick Clifton <nickc at redhat.com>
++
++ PR 22373
++ * peicode.h (pe_bfd_read_buildid): Check for invalid size and data
++ offset values.
++
+ 2017-11-03 Mingi Cho <mgcho.minic at gmail.com>
+ Nick Clifton <nickc at redhat.com>
+
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list