[oe-commits] [openembedded-core] 18/51: binutils: CVE-2017-7304
git at git.openembedded.org
git at git.openembedded.org
Sun Jan 7 17:11:27 UTC 2018
This is an automated email from the git hooks/post-receive script.
rpurdie pushed a commit to branch morty
in repository openembedded-core.
commit fcadfc35ebe90d3f0f3aa0db8caeddb5c07c3120
Author: Thiruvadi Rajaraman <trajaraman at mvista.com>
AuthorDate: Mon Sep 4 16:47:25 2017 +0530
binutils: CVE-2017-7304
Source: git://sourceware.org/git/binutils-gdb.git
MR: 74192
Type: Security Fix
Disposition: Backport from binutils-2_28-branch
ChangeID: 9a4c249becded1b479c0b9e9f175aebb80294317
Description:
Fix seg-fault in strip when copying a corrupt binary.
PR binutils/20931
* elf.c (copy_special_section_fields): Check for an invalid
sh_link field before attempting to follow it.
Affects: <= 2.28
Author: Nick Clifton <nickc at redhat.com>
Signed-off-by: Thiruvadi Rajaraman <trajaraman at mvista.com>
Reviewed-by: Armin Kuster <akuster at mvista.com>
Signed-off-by: Armin Kuster <akuster at mvista.com>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
meta/recipes-devtools/binutils/binutils-2.27.inc | 1 +
.../binutils/binutils/CVE-2017-7304.patch | 53 ++++++++++++++++++++++
2 files changed, 54 insertions(+)
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc
index b60aa8a..d1ad198 100644
--- a/meta/recipes-devtools/binutils/binutils-2.27.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -66,6 +66,7 @@ SRC_URI = "\
file://CVE-2017-7301.patch \
file://CVE-2017-7302.patch \
file://CVE-2017-7303.patch \
+ file://CVE-2017-7304.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7304.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7304.patch
new file mode 100644
index 0000000..817a3f0
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7304.patch
@@ -0,0 +1,53 @@
+commit 4f3ca05b487e9755018b4c9a053a2e6c35d8a7df
+Author: Nick Clifton <nickc at redhat.com>
+Date: Tue Dec 6 16:53:57 2016 +0000
+
+ Fix seg-fault in strip when copying a corrupt binary.
+
+ PR binutils/20931
+ * elf.c (copy_special_section_fields): Check for an invalid
+ sh_link field before attempting to follow it.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7304
+Signed-off-by: Thiruvadi Rajaraman <trajaraman at mvista.com>
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-04 16:13:03.512095249 +0530
++++ git/bfd/ChangeLog 2017-09-04 16:16:25.173745111 +0530
+@@ -114,6 +114,12 @@
+ (bfd_elf_final_link): Only initialize the extended symbol index
+ section if there are extended symbol tables to list.
+
++ 2016-12-06 Nick Clifton <nickc at redhat.com>
++
++ PR binutils/20931
++ * elf.c (copy_special_section_fields): Check for an invalid
++ sh_link field before attempting to follow it.
++
+ 2016-12-05 Nick Clifton <nickc at redhat.com>
+
+ PR binutils/20905
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c 2017-09-04 16:13:03.512095249 +0530
++++ git/bfd/elf.c 2017-09-04 16:15:38.257359045 +0530
+@@ -1324,6 +1324,16 @@
+ in the input bfd. */
+ if (iheader->sh_link != SHN_UNDEF)
+ {
++ /* See PR 20931 for a reproducer. */
++ if (iheader->sh_link >= elf_numsections (ibfd))
++ {
++ (* _bfd_error_handler)
++ /* xgettext:c-format */
++ (_("%B: Invalid sh_link field (%d) in section number %d"),
++ ibfd, iheader->sh_link, secnum);
++ return FALSE;
++ }
++
+ sh_link = find_link (obfd, iheaders[iheader->sh_link], iheader->sh_link);
+ if (sh_link != SHN_UNDEF)
+ {
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list