[oe-commits] [openembedded-core] 22/51: Fix seg-fault in the linker when examining a corrupt binary.
git at git.openembedded.org
git at git.openembedded.org
Sun Jan 7 17:11:31 UTC 2018
This is an automated email from the git hooks/post-receive script.
rpurdie pushed a commit to branch morty
in repository openembedded-core.
commit c1b259c5fef13e1ecff9a68d82cde49c777ffa4d
Author: Manjunath S Matti <mmatti at mvista.com>
AuthorDate: Wed Sep 13 16:02:32 2017 +0530
Fix seg-fault in the linker when examining a corrupt binary.
Source: https://sourceware.org/
MR: 74244
Type: Security Fix
Disposition: Backport from https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=531336e3a0b79ed60cfc36ad2d6579b6a71175da
ChangeID: 69cc8699fcb0655f3a48778e514552dfaea7229c
Description:
Fix seg-fault in the linker when examining a corrupt binary.
PR ld/20909
* aoutx.h (aout_link_add_symbols): Fix off-by-one error in check
for an illegal string offset.
CVE: CVE-2017-7300
Affects: < 2.27-r0.9.1
Author: Nick Clifton <nickc at redhat.com>
Signed-off-by: Manjunath S Matti <mmatti at mvista.com>
Signed-off-by: Armin Kuster <akuster at mvista.com>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
meta/recipes-devtools/binutils/binutils-2.27.inc | 1 +
.../binutils/binutils/CVE-2017-7300.patch | 55 ++++++++++++++++++++++
2 files changed, 56 insertions(+)
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc
index a5122c5..23aac6b 100644
--- a/meta/recipes-devtools/binutils/binutils-2.27.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -70,6 +70,7 @@ SRC_URI = "\
file://CVE-2017-8393.patch \
file://CVE-2017-8395.patch \
file://CVE-2017-8397.patch \
+ file://CVE-2017-7300.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7300.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7300.patch
new file mode 100644
index 0000000..c4432e7
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7300.patch
@@ -0,0 +1,55 @@
+From 531336e3a0b79ed60cfc36ad2d6579b6a71175da Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc at redhat.com>
+Date: Fri, 2 Dec 2016 16:41:14 +0000
+Subject: [PATCH] Fix seg-fault in the linker when examining a corrupt binary.
+
+ PR ld/20909
+ * aoutx.h (aout_link_add_symbols): Fix off-by-one error in check
+ for an illegal string offset.
+
+Upstream-Status: Backport
+CVE: CVE-2017-7300
+VER: < 2.27-r0.9.1
+Signed-off-by: Manjunath Matti <mmatti at mvista.com>
+
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/aoutx.h | 3 +--
+ 2 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/bfd/ChangeLog b/bfd/ChangeLog
+index d061e66..c8085e7 100644
+--- a/bfd/ChangeLog
++++ b/bfd/ChangeLog
+@@ -175,6 +175,12 @@
+ * aoutx.h (find_nearest_line): Handle the case where the function
+ name is empty.
+
++2016-12-02 Nick Clifton <nickc at redhat.com>
++
++ PR ld/20909
++ * aoutx.h (aout_link_add_symbols): Fix off-by-one error in check
++ for an illegal string offset.
++
+ 2016-08-02 Nick Clifton <nickc at redhat.com>
+
+ PR ld/17739
+diff --git a/bfd/aoutx.h b/bfd/aoutx.h
+index 4308679..b9ac2b7 100644
+--- a/bfd/aoutx.h
++++ b/bfd/aoutx.h
+@@ -3031,10 +3031,9 @@ aout_link_add_symbols (bfd *abfd, struct bfd_link_info *info)
+ continue;
+
+ /* PR 19629: Corrupt binaries can contain illegal string offsets. */
+- if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd))
++ if (GET_WORD (abfd, p->e_strx) >= obj_aout_external_string_size (abfd))
+ return FALSE;
+ name = strings + GET_WORD (abfd, p->e_strx);
+-
+ value = GET_WORD (abfd, p->e_value);
+ flags = BSF_GLOBAL;
+ string = NULL;
+--
+2.9.3
+
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list