mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-02 13:29:49 +00:00
Code Issues Projects Releases Wiki Activity

Binutils: Security fix for CVE-2018-13033

Browse Source 
Affects: <= 2.30

(From OE-Core rev: 64afab325facc55f4a49247e4033b1d3c8b22b67)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Armin Kuster
2018-08-08 12:07:35 -07:00
committed by Richard Purdie
parent 8eeacb689b
commit 1b202d632b
2 changed files with 72 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-devtools/binutils/binutils-2.29.1.inc
+1
View File
@@ -69,6 +69,7 @@ SRC_URI = "\
file://CVE-2018-10373.patch \
file://CVE-2018-10534.patch \
file://CVE-2018-10535.patch \
file://CVE-2018-13033.patch \
"
S = "${WORKDIR}/git"
meta/recipes-devtools/binutils/binutils/CVE-2018-13033.patch
+71
View File
@@ -0,0 +1,71 @@
From 95a6d23566165208853a68d9cd3c6eedca840ec6 Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Tue, 8 May 2018 12:51:06 +0100
Subject: [PATCH] Prevent a memory exhaustion failure when running objdump on a
fuzzed input file with corrupt string and attribute sections.
PR 22809
* elf.c (bfd_elf_get_str_section): Check for an excessively large
string section.
* elf-attrs.c (_bfd_elf_parse_attributes): Issue an error if the
attribute section is larger than the size of the file.
Upstream-Status: Backport
Affects: <= 2.30
CVE: CVE-2018-13033
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
bfd/ChangeLog | 8 ++++++++
bfd/elf-attrs.c | 9 +++++++++
bfd/elf.c | 1 +
3 files changed, 18 insertions(+)
Index: git/bfd/elf-attrs.c
===================================================================
--- git.orig/bfd/elf-attrs.c
+++ git/bfd/elf-attrs.c
@@ -438,6 +438,15 @@ _bfd_elf_parse_attributes (bfd *abfd, El
/* PR 17512: file: 2844a11d. */
if (hdr->sh_size == 0)
return;
+ if (hdr->sh_size > bfd_get_file_size (abfd))
+ {
+ /* xgettext:c-format */
+ _bfd_error_handler (_("%pB: error: attribute section '%pA' too big: %#llx"),
+ abfd, hdr->bfd_section, (long long) hdr->sh_size);
+ bfd_set_error (bfd_error_invalid_operation);
+ return;
+ }
+
contents = (bfd_byte *) bfd_malloc (hdr->sh_size + 1);
if (!contents)
return;
Index: git/bfd/elf.c
===================================================================
--- git.orig/bfd/elf.c
+++ git/bfd/elf.c
@@ -297,6 +297,7 @@ bfd_elf_get_str_section (bfd *abfd, unsi
/* Allocate and clear an extra byte at the end, to prevent crashes
in case the string table is not terminated. */
if (shstrtabsize + 1 <= 1
+ || shstrtabsize > bfd_get_file_size (abfd)
|| bfd_seek (abfd, offset, SEEK_SET) != 0
|| (shstrtab = (bfd_byte *) bfd_alloc (abfd, shstrtabsize + 1)) == NULL)
shstrtab = NULL;
Index: git/bfd/ChangeLog
===================================================================
--- git.orig/bfd/ChangeLog
+++ git/bfd/ChangeLog
@@ -1,3 +1,11 @@
+2018-05-08 Nick Clifton <nickc@redhat.com>
+
+ PR 22809
+ * elf.c (bfd_elf_get_str_section): Check for an excessively large
+ string section.
+ * elf-attrs.c (_bfd_elf_parse_attributes): Issue an error if the
+ attribute section is larger than the size of the file.
+
2018-04-24 Nick Clifton <nickc@redhat.com>
PR 23113