[oe-commits] [openembedded-core] 27/51: binutils: CVE-2017-7299
git at git.openembedded.org
git at git.openembedded.org
Sun Jan 7 17:11:36 UTC 2018
This is an automated email from the git hooks/post-receive script.
rpurdie pushed a commit to branch morty
in repository openembedded-core.
commit 020863d45d39a336723300138777583afb0b12c7
Author: Thiruvadi Rajaraman <trajaraman at mvista.com>
AuthorDate: Wed Sep 20 14:27:21 2017 +0530
binutils: CVE-2017-7299
Source: git://sourceware.org/git/binutils-gdb.git
MR: 74257
Type: Security Fix
Disposition: Backport from 'embedded-binutils-master'
ChangeID: b55df05e3d3fd21bd30edaea124135892747b1ee
Description:
Linking non-ELF file broken by PR20908 fix
PR ld/20968
PR ld/20908
* elflink.c (bfd_elf_final_link): Revert 2016-12-02 change. Move
reloc counting code later after ELF flavour test.
PR lf/20908
* elflink.c (bfd_elf_final_link): Check for ELF flavour binaries
when following indirect links.
Affects: <= 2.28
Author: Nick Clifton <nickc at redhat.com>
Signed-off-by: Thiruvadi Rajaraman <trajaraman at mvista.com>
Reviewed-by: Armin Kuster <akuster at mvista.com>
Signed-off-by: Armin Kuster <akuster at mvista.com>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
meta/recipes-devtools/binutils/binutils-2.27.inc | 2 +
.../binutils/binutils/CVE-2017-7299_1.patch | 47 ++++++++
.../binutils/binutils/CVE-2017-7299_2.patch | 120 +++++++++++++++++++++
3 files changed, 169 insertions(+)
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc
index 35e26fc..1e55be6 100644
--- a/meta/recipes-devtools/binutils/binutils-2.27.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -76,6 +76,8 @@ SRC_URI = "\
file://CVE-2017-8394_1.patch \
file://CVE-2017-8394.patch \
file://CVE-2017-8398.patch \
+ file://CVE-2017-7299_1.patch \
+ file://CVE-2017-7299_2.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7299_1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7299_1.patch
new file mode 100644
index 0000000..50a48bc
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7299_1.patch
@@ -0,0 +1,47 @@
+commit d7f399a8de4c55eb841db6493597a587fac002de
+Author: Nick Clifton <nickc at redhat.com>
+Date: Fri Dec 2 17:46:26 2016 +0000
+
+ Fix seg-fault in linker when passed a corrupt binary input file.
+
+ PR lf/20908
+ * elflink.c (bfd_elf_final_link): Check for ELF flavour binaries
+ when following indirect links.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7299
+Signed-off-by: Thiruvadi Rajaraman <trajaraman at mvista.com>
+
+Index: git/bfd/elflink.c
+===================================================================
+--- git.orig/bfd/elflink.c 2017-09-20 14:15:26.337333504 +0530
++++ git/bfd/elflink.c 2017-09-20 14:20:19.000000000 +0530
+@@ -11201,6 +11201,12 @@
+ asection *sec;
+
+ sec = p->u.indirect.section;
++ /* See PR 20908 for a reproducer. */
++ if (bfd_get_flavour (sec->owner) != bfd_target_elf_flavour)
++ {
++ _bfd_error_handler (_("%B: not in ELF format"), sec->owner);
++ goto error_return;
++ }
+ esdi = elf_section_data (sec);
+
+ /* Mark all sections which are to be included in the
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-20 14:20:19.000000000 +0530
++++ git/bfd/ChangeLog 2017-09-20 14:23:48.743556932 +0530
+@@ -192,6 +192,10 @@
+
+ 2016-12-02 Nick Clifton <nickc at redhat.com>
+
++ PR lf/20908
++ * elflink.c (bfd_elf_final_link): Check for ELF flavour binaries
++ when following indirect links.
++
+ PR ld/20909
+ * aoutx.h (aout_link_add_symbols): Fix off-by-one error in check
+ for an illegal string offset.
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7299_2.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7299_2.patch
new file mode 100644
index 0000000..7691b12
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7299_2.patch
@@ -0,0 +1,120 @@
+commit a961cdd5f139d3c3e09170db52bd8df7dafae13f
+Author: Alan Modra <amodra at gmail.com>
+Date: Thu Dec 15 21:29:44 2016 +1030
+
+ Linking non-ELF file broken by PR20908 fix
+
+ PR ld/20968
+ PR ld/20908
+ * elflink.c (bfd_elf_final_link): Revert 2016-12-02 change. Move
+ reloc counting code later after ELF flavour test.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7299
+Signed-off-by: Thiruvadi Rajaraman <trajaraman at mvista.com>
+
+Index: git/bfd/elflink.c
+===================================================================
+--- git.orig/bfd/elflink.c 2017-09-20 14:15:28.133343092 +0530
++++ git/bfd/elflink.c 2017-09-20 14:15:28.189343391 +0530
+@@ -11201,13 +11201,6 @@
+ asection *sec;
+
+ sec = p->u.indirect.section;
+- /* See PR 20908 for a reproducer. */
+- if (bfd_get_flavour (sec->owner) != bfd_target_elf_flavour)
+- {
+- _bfd_error_handler (_("%B: not in ELF format"), sec->owner);
+- goto error_return;
+- }
+- esdi = elf_section_data (sec);
+
+ /* Mark all sections which are to be included in the
+ link. This will normally be every section. We need
+@@ -11218,37 +11211,18 @@
+ if (sec->flags & SEC_MERGE)
+ merged = TRUE;
+
+- if (esdo->this_hdr.sh_type == SHT_REL
+- || esdo->this_hdr.sh_type == SHT_RELA)
+- /* Some backends use reloc_count in relocation sections
+- to count particular types of relocs. Of course,
+- reloc sections themselves can't have relocations. */
+- reloc_count = 0;
+- else if (emit_relocs)
+- {
+- reloc_count = sec->reloc_count;
+- if (bed->elf_backend_count_additional_relocs)
+- {
+- int c;
+- c = (*bed->elf_backend_count_additional_relocs) (sec);
+- additional_reloc_count += c;
+- }
+- }
+- else if (bed->elf_backend_count_relocs)
+- reloc_count = (*bed->elf_backend_count_relocs) (info, sec);
+-
+ if (sec->rawsize > max_contents_size)
+ max_contents_size = sec->rawsize;
+ if (sec->size > max_contents_size)
+ max_contents_size = sec->size;
+
+- /* We are interested in just local symbols, not all
+- symbols. */
+ if (bfd_get_flavour (sec->owner) == bfd_target_elf_flavour
+ && (sec->owner->flags & DYNAMIC) == 0)
+ {
+ size_t sym_count;
+
++ /* We are interested in just local symbols, not all
++ symbols. */
+ if (elf_bad_symtab (sec->owner))
+ sym_count = (elf_tdata (sec->owner)->symtab_hdr.sh_size
+ / bed->s->sizeof_sym);
+@@ -11262,6 +11236,27 @@
+ && elf_symtab_shndx_list (sec->owner) != NULL)
+ max_sym_shndx_count = sym_count;
+
++ if (esdo->this_hdr.sh_type == SHT_REL
++ || esdo->this_hdr.sh_type == SHT_RELA)
++ /* Some backends use reloc_count in relocation sections
++ to count particular types of relocs. Of course,
++ reloc sections themselves can't have relocations. */
++ ;
++ else if (emit_relocs)
++ {
++ reloc_count = sec->reloc_count;
++ if (bed->elf_backend_count_additional_relocs)
++ {
++ int c;
++ c = (*bed->elf_backend_count_additional_relocs) (sec);
++ additional_reloc_count += c;
++ }
++ }
++ else if (bed->elf_backend_count_relocs)
++ reloc_count = (*bed->elf_backend_count_relocs) (info, sec);
++
++ esdi = elf_section_data (sec);
++
+ if ((sec->flags & SEC_RELOC) != 0)
+ {
+ size_t ext_size = 0;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-20 14:15:28.013342453 +0530
++++ git/bfd/ChangeLog 2017-09-20 14:19:06.990419395 +0530
+@@ -156,6 +156,13 @@
+ (bfd_elf_final_link): Only initialize the extended symbol index
+ section if there are extended symbol tables to list.
+
++2016-12-15 Alan Modra <amodra at gmail.com>
++
++ PR ld/20968
++ PR ld/20908
++ * elflink.c (bfd_elf_final_link): Revert 2016-12-02 change. Move
++ reloc counting code later after ELF flavour test.
++
+ 2016-12-06 Nick Clifton <nickc at redhat.com>
+
+ PR binutils/20931
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list