[oe-commits] [openembedded-core] 24/51: binutils: CVE-2017-8421
git at git.openembedded.org
git at git.openembedded.org
Sun Jan 7 17:11:33 UTC 2018
This is an automated email from the git hooks/post-receive script.
rpurdie pushed a commit to branch morty
in repository openembedded-core.
commit 09c642a70e2a12dcc01ffe45c333011a142c02a7
Author: Thiruvadi Rajaraman <trajaraman at mvista.com>
AuthorDate: Wed Sep 13 17:14:14 2017 +0530
binutils: CVE-2017-8421
Source: git://sourceware.org/git/binutils-gdb.git
MR: 74140
Type: Security Fix
Disposition: Backport from binutils-2_29
ChangeID: 5f6dd48c427de8663c5a80af6db44ce5c579d42c
Description:
Prevent memory exhaustion from a corrupt PE binary with an overlarge number of relocs.
PR 21440
* objdump.c (dump_relocs_in_section): Check for an excessive
number of relocs before attempting to dump them.
Affects: <= 2.29
Author: Alan Modra <amodra at gmail.com>
Signed-off-by: Thiruvadi Rajaraman <trajaraman at mvista.com>
Reviewed-by: Armin Kuster <akuster at mvista.com>
Signed-off-by: Armin Kuster <akuster at mvista.com>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
meta/recipes-devtools/binutils/binutils-2.27.inc | 1 +
.../binutils/binutils/CVE-2017-8421.patch | 51 ++++++++++++++++++++++
2 files changed, 52 insertions(+)
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc
index 014655f..3e514fc 100644
--- a/meta/recipes-devtools/binutils/binutils-2.27.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -72,6 +72,7 @@ SRC_URI = "\
file://CVE-2017-8397.patch \
file://CVE-2017-7300.patch \
file://CVE-2017-8396.patch \
+ file://CVE-2017-8421.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch
new file mode 100644
index 0000000..da6e475
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch
@@ -0,0 +1,51 @@
+commit 39ff1b79f687b65f4144ddb379f22587003443fb
+Author: Nick Clifton <nickc at redhat.com>
+Date: Tue May 2 11:54:53 2017 +0100
+
+ Prevent memory exhaustion from a corrupt PE binary with an overlarge number of relocs.
+
+ PR 21440
+ * objdump.c (dump_relocs_in_section): Check for an excessive
+ number of relocs before attempting to dump them.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-8421
+Signed-off-by: Thiruvadi Rajaraman <trajaraman at mvista.com>
+
+Index: git/binutils/objdump.c
+===================================================================
+--- git.orig/binutils/objdump.c 2017-09-05 11:34:23.140802515 +0530
++++ git/binutils/objdump.c 2017-09-05 11:34:28.716824776 +0530
+@@ -3238,6 +3238,14 @@
+ return;
+ }
+
++ if ((bfd_get_file_flags (abfd) & (BFD_IN_MEMORY | BFD_LINKER_CREATED)) == 0
++ && relsize > get_file_size (bfd_get_filename (abfd)))
++ {
++ printf (" (too many: 0x%x)\n", section->reloc_count);
++ bfd_set_error (bfd_error_file_truncated);
++ bfd_fatal (bfd_get_filename (abfd));
++ }
++
+ relpp = (arelent **) xmalloc (relsize);
+ relcount = bfd_canonicalize_reloc (abfd, section, relpp, syms);
+
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog 2017-09-05 11:34:28.040822070 +0530
++++ git/binutils/ChangeLog 2017-09-05 11:36:02.413217129 +0530
+@@ -4,6 +4,12 @@
+ * rddbg.c (read_symbol_stabs_debugging_info): Check for an empty
+ string whilst concatenating symbol names.
+
++2017-05-02 Nick Clifton <nickc at redhat.com>
++
++ PR 21440
++ * objdump.c (dump_relocs_in_section): Check for an excessive
++ number of relocs before attempting to dump them.
++
+ 2017-02-14 Nick Clifton <nickc at redhat.com>
+
+ PR binutils/21157
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list