mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-02 13:29:49 +00:00
Code Issues Projects Releases Wiki Activity

binutls: Security fix for CVE-2017-16830

Browse Source 
Affects: <= 2.29.1

(From OE-Core rev: 29c6da2092599145e5a4f00ccc6029f31ec724da)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Armin Kuster
2018-08-07 16:06:49 -07:00
committed by Richard Purdie
parent 2720b93220
commit 7d51055f44
2 changed files with 92 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-devtools/binutils/binutils-2.29.1.inc
+1
View File
@@ -57,6 +57,7 @@ SRC_URI = "\
file://CVE-2017-16828_p1.patch \
file://CVE-2017-16828_p2.patch \
file://CVE-2017-16829.patch \
file://CVE-2017-16830.patch \
"
S = "${WORKDIR}/git"
meta/recipes-devtools/binutils/binutils/CVE-2017-16830.patch
+91
View File
@@ -0,0 +1,91 @@
From 6ab2c4ed51f9c4243691755e1b1d2149c6a426f4 Mon Sep 17 00:00:00 2001
From: Mingi Cho <mgcho.minic@gmail.com>
Date: Thu, 2 Nov 2017 17:01:08 +0000
Subject: [PATCH] Work around integer overflows when readelf is checking for
corrupt ELF notes when run on a 32-bit host.
PR 22384
* readelf.c (print_gnu_property_note): Improve overflow checks so
that they will work on a 32-bit host.
Upstream-Status: Backport
Affects: <= 2.29.1
CVE: CVE-2017-16830
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
binutils/ChangeLog | 6 ++++++
binutils/readelf.c | 33 +++++++++++++++++----------------
2 files changed, 23 insertions(+), 16 deletions(-)
Index: git/binutils/readelf.c
===================================================================
--- git.orig/binutils/readelf.c
+++ git/binutils/readelf.c
@@ -16431,15 +16431,24 @@ print_gnu_property_note (Elf_Internal_No
return;
}
- while (1)
+ while (ptr < ptr_end)
{
unsigned int j;
- unsigned int type = byte_get (ptr, 4);
- unsigned int datasz = byte_get (ptr + 4, 4);
+ unsigned int type;
+ unsigned int datasz;
+
+ if ((size_t) (ptr_end - ptr) < 8)
+ {
+ printf (_("<corrupt descsz: %#lx>\n"), pnote->descsz);
+ break;
+ }
+
+ type = byte_get (ptr, 4);
+ datasz = byte_get (ptr + 4, 4);
ptr += 8;
- if ((ptr + datasz) > ptr_end)
+ if (datasz > (size_t) (ptr_end - ptr))
{
printf (_("<corrupt type (%#x) datasz: %#x>\n"),
type, datasz);
@@ -16520,19 +16529,11 @@ next:
ptr += ((datasz + (size - 1)) & ~ (size - 1));
if (ptr == ptr_end)
break;
- else
- {
- if (do_wide)
- printf (", ");
- else
- printf ("\n\t");
- }
- if (ptr > (ptr_end - 8))
- {
- printf (_("<corrupt descsz: %#lx>\n"), pnote->descsz);
- break;
- }
+ if (do_wide)
+ printf (", ");
+ else
+ printf ("\n\t");
}
printf ("\n");
Index: git/binutils/ChangeLog
===================================================================
--- git.orig/binutils/ChangeLog
+++ git/binutils/ChangeLog
@@ -1,3 +1,9 @@
+2017-11-02 Mingi Cho <mgcho.minic@gmail.com>
+
+ PR 22384
+ * readelf.c (print_gnu_property_note): Improve overflow checks so
+ that they will work on a 32-bit host.
+
2017-10-05 Alan Modra <amodra@gmail.com>
PR 22239