mirror of
https://git.yoctoproject.org/poky
synced 2026-06-01 00:59:48 +00:00
Fix seg-fault in the linker when examining a corrupt binary.
Source: https://sourceware.org/ MR: 74244 Type: Security Fix Disposition: Backport from https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=531336e3a0b79ed60cfc36ad2d6579b6a71175da ChangeID: 69cc8699fcb0655f3a48778e514552dfaea7229c Description: Fix seg-fault in the linker when examining a corrupt binary. PR ld/20909 * aoutx.h (aout_link_add_symbols): Fix off-by-one error in check for an illegal string offset. CVE: CVE-2017-7300 Affects: < 2.27-r0.9.1 Author: Nick Clifton <nickc@redhat.com> (From OE-Core rev: c1b259c5fef13e1ecff9a68d82cde49c777ffa4d) Signed-off-by: Manjunath S Matti <mmatti@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Manjunath S Matti
committed by
Richard Purdie
Richard Purdie
parent
f98a25139e
commit
2dcc1db01d
@@ -70,6 +70,7 @@ SRC_URI = "\
|
|||||||
file://CVE-2017-8393.patch \
|
file://CVE-2017-8393.patch \
|
||||||
file://CVE-2017-8395.patch \
|
file://CVE-2017-8395.patch \
|
||||||
file://CVE-2017-8397.patch \
|
file://CVE-2017-8397.patch \
|
||||||
|
file://CVE-2017-7300.patch \
|
||||||
"
|
"
|
||||||
S = "${WORKDIR}/git"
|
S = "${WORKDIR}/git"
|
||||||
|
|
||||||
|
|||||||
@@ -0,0 +1,55 @@
|
|||||||
|
From 531336e3a0b79ed60cfc36ad2d6579b6a71175da Mon Sep 17 00:00:00 2001
|
||||||
|
From: Nick Clifton <nickc@redhat.com>
|
||||||
|
Date: Fri, 2 Dec 2016 16:41:14 +0000
|
||||||
|
Subject: [PATCH] Fix seg-fault in the linker when examining a corrupt binary.
|
||||||
|
|
||||||
|
PR ld/20909
|
||||||
|
* aoutx.h (aout_link_add_symbols): Fix off-by-one error in check
|
||||||
|
for an illegal string offset.
|
||||||
|
|
||||||
|
Upstream-Status: Backport
|
||||||
|
CVE: CVE-2017-7300
|
||||||
|
VER: < 2.27-r0.9.1
|
||||||
|
Signed-off-by: Manjunath Matti <mmatti@mvista.com>
|
||||||
|
|
||||||
|
---
|
||||||
|
bfd/ChangeLog | 6 ++++++
|
||||||
|
bfd/aoutx.h | 3 +--
|
||||||
|
2 files changed, 7 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
|
||||||
|
index d061e66..c8085e7 100644
|
||||||
|
--- a/bfd/ChangeLog
|
||||||
|
+++ b/bfd/ChangeLog
|
||||||
|
@@ -175,6 +175,12 @@
|
||||||
|
* aoutx.h (find_nearest_line): Handle the case where the function
|
||||||
|
name is empty.
|
||||||
|
|
||||||
|
+2016-12-02 Nick Clifton <nickc@redhat.com>
|
||||||
|
+
|
||||||
|
+ PR ld/20909
|
||||||
|
+ * aoutx.h (aout_link_add_symbols): Fix off-by-one error in check
|
||||||
|
+ for an illegal string offset.
|
||||||
|
+
|
||||||
|
2016-08-02 Nick Clifton <nickc@redhat.com>
|
||||||
|
|
||||||
|
PR ld/17739
|
||||||
|
diff --git a/bfd/aoutx.h b/bfd/aoutx.h
|
||||||
|
index 4308679..b9ac2b7 100644
|
||||||
|
--- a/bfd/aoutx.h
|
||||||
|
+++ b/bfd/aoutx.h
|
||||||
|
@@ -3031,10 +3031,9 @@ aout_link_add_symbols (bfd *abfd, struct bfd_link_info *info)
|
||||||
|
continue;
|
||||||
|
|
||||||
|
/* PR 19629: Corrupt binaries can contain illegal string offsets. */
|
||||||
|
- if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd))
|
||||||
|
+ if (GET_WORD (abfd, p->e_strx) >= obj_aout_external_string_size (abfd))
|
||||||
|
return FALSE;
|
||||||
|
name = strings + GET_WORD (abfd, p->e_strx);
|
||||||
|
-
|
||||||
|
value = GET_WORD (abfd, p->e_value);
|
||||||
|
flags = BSF_GLOBAL;
|
||||||
|
string = NULL;
|
||||||
|
--
|
||||||
|
2.9.3
|
||||||
|
|
||||||
Reference in New Issue
Block a user