[oe-commits] [openembedded-core] 20/51: binutils: CVE-2017-8395

git at git.openembedded.org git at git.openembedded.org
Sun Jan 7 17:11:29 UTC 2018 

This is an automated email from the git hooks/post-receive script.

rpurdie pushed a commit to branch morty
in repository openembedded-core.

commit addac2e8f6f6132807a590a032a4292079542fbe
Author: Thiruvadi Rajaraman <trajaraman at mvista.com>
AuthorDate: Mon Sep 4 18:31:38 2017 +0530

    binutils: CVE-2017-8395
    
    Source: git://sourceware.org/git/binutils-gdb.git
    MR: 74153
    Type: Security Fix
    Disposition: Backport from binutils-2_29
    ChangeID: 27dce214c561f9ae6f874990432f9d76a7de29d4
    Description:
    
        Fix seg-fault attempting to compress a debug section in a corrupt binary.
    
            PR binutils/21431
            * compress.c (bfd_init_section_compress_status): Check the return
            value from bfd_malloc.
    
    Affects: <= 2.29
    
    Author: Nick Clifton <nickc at redhat.com>
    Signed-off-by: Thiruvadi Rajaraman <trajaraman at mvista.com>
    Reviewed-by: Armin Kuster <akuster at mvista.com>
    Signed-off-by: Armin Kuster <akuster at mvista.com>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
 meta/recipes-devtools/binutils/binutils-2.27.inc   |  1 +
 .../binutils/binutils/CVE-2017-8395.patch          | 72 ++++++++++++++++++++++
 2 files changed, 73 insertions(+)

diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc
index 447de53..ecb0cdf 100644
--- a/meta/recipes-devtools/binutils/binutils-2.27.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -68,6 +68,7 @@ SRC_URI = "\
      file://CVE-2017-7303.patch \
      file://CVE-2017-7304.patch \
      file://CVE-2017-8393.patch \
+     file://CVE-2017-8395.patch \
 "
 S  = "${WORKDIR}/git"
 
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8395.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-8395.patch
new file mode 100644
index 0000000..42793e1
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8395.patch
@@ -0,0 +1,72 @@
+commit e63d123268f23a4cbc45ee55fb6dbc7d84729da3
+Author: Nick Clifton <nickc at redhat.com>
+Date:   Wed Apr 26 13:07:49 2017 +0100
+
+    Fix seg-fault attempting to compress a debug section in a corrupt binary.
+    
+    	PR binutils/21431
+    	* compress.c (bfd_init_section_compress_status): Check the return
+    	value from bfd_malloc.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-8395
+Signed-off-by: Thiruvadi Rajaraman <trajaraman at mvista.com>
+
+Index: git/bfd/compress.c
+===================================================================
+--- git.orig/bfd/compress.c	2017-09-04 17:55:00.546577566 +0530
++++ git/bfd/compress.c	2017-09-04 17:55:10.770664577 +0530
+@@ -534,7 +534,6 @@
+ {
+   bfd_size_type uncompressed_size;
+   bfd_byte *uncompressed_buffer;
+-  bfd_boolean ret;
+ 
+   /* Error if not opened for read.  */
+   if (abfd->direction != read_direction
+@@ -550,18 +549,18 @@
+   /* Read in the full section contents and compress it.  */
+   uncompressed_size = sec->size;
+   uncompressed_buffer = (bfd_byte *) bfd_malloc (uncompressed_size);
++  /* PR 21431 */
++  if (uncompressed_buffer == NULL)
++    return FALSE;
++
+   if (!bfd_get_section_contents (abfd, sec, uncompressed_buffer,
+ 				 0, uncompressed_size))
+-    ret = FALSE;
+-  else
+-    {
+-      uncompressed_size = bfd_compress_section_contents (abfd, sec,
+-							 uncompressed_buffer,
+-							 uncompressed_size);
+-      ret = uncompressed_size != 0;
+-    }
++    return FALSE;
+ 
+-  return ret;
++  uncompressed_size = bfd_compress_section_contents (abfd, sec,
++						     uncompressed_buffer,
++						     uncompressed_size);
++  return uncompressed_size != 0;
+ }
+ 
+ /*
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog	2017-09-04 17:55:10.714664101 +0530
++++ git/bfd/ChangeLog	2017-09-04 17:56:40.991431847 +0530
+@@ -73,6 +73,12 @@
+        (evax_bfd_print_egsd): Check for an overlarge record length.
+        (evax_bfd_print_etir): Likewise.
+ 
++2017-04-26  Nick Clifton  <nickc at redhat.com>
++
++       PR binutils/21431
++       * compress.c (bfd_init_section_compress_status): Check the return
++       value from bfd_malloc.
++
+ 2017-04-25  Maciej W. Rozycki  <macro at imgtec.com>
+ 
+        * readelf.c (process_mips_specific): Remove error reporting from

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

More information about the Openembedded-commits mailing list