mirror of
https://git.yoctoproject.org/poky
synced 2026-07-17 04:07:06 +00:00
elfutils: Security fixes CVE-2019-7146,7149,7150
Source: http://sourceware.org/git/elfutils.git MR: 97563, 97568, 97558 Type: Security Fix Disposition: Backport from http://sourceware.org/git/elfutils.git ChangeID: 6183c2a25d5e32eec1846a428dd165e1de659f24 Description: Affects <= 0.175 Fixes: CVE-2019-7146 CVE-2019-7149 CVE-2019-7150 (From OE-Core rev: ac5dca7dc68519b36aa976dfd25d8efa76af74ec) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
committed by
Richard Purdie
parent
2c225a199d
commit
cd7f7bf385
@@ -0,0 +1,51 @@
|
||||
From da5c5336a1eaf519de246f7d9f0f5585e1d4ac59 Mon Sep 17 00:00:00 2001
|
||||
From: Mark Wielaard <mark@klomp.org>
|
||||
Date: Sun, 20 Jan 2019 23:05:56 +0100
|
||||
Subject: [PATCH] libdwfl: Sanity check partial core file dyn data read.
|
||||
|
||||
When reading the dyn data from the core file check if we got everything,
|
||||
or just part of the data.
|
||||
|
||||
https://sourceware.org/bugzilla/show_bug.cgi?id=24103
|
||||
|
||||
Signed-off-by: Mark Wielaard <mark@klomp.org>
|
||||
|
||||
Upstream-Status: Backport
|
||||
CVE: CVE-2019-7150
|
||||
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
||||
|
||||
---
|
||||
libdwfl/ChangeLog | 5 +++++
|
||||
libdwfl/dwfl_segment_report_module.c | 6 ++++++
|
||||
2 files changed, 11 insertions(+)
|
||||
|
||||
Index: elfutils-0.175/libdwfl/dwfl_segment_report_module.c
|
||||
===================================================================
|
||||
--- elfutils-0.175.orig/libdwfl/dwfl_segment_report_module.c
|
||||
+++ elfutils-0.175/libdwfl/dwfl_segment_report_module.c
|
||||
@@ -783,6 +783,12 @@ dwfl_segment_report_module (Dwfl *dwfl,
|
||||
if (dyn_filesz != 0 && dyn_filesz % dyn_entsize == 0
|
||||
&& ! read_portion (&dyn_data, &dyn_data_size, dyn_vaddr, dyn_filesz))
|
||||
{
|
||||
+ /* dyn_data_size will be zero if we got everything from the initial
|
||||
+ buffer, otherwise it will be the size of the new buffer that
|
||||
+ could be read. */
|
||||
+ if (dyn_data_size != 0)
|
||||
+ dyn_filesz = dyn_data_size;
|
||||
+
|
||||
void *dyns = malloc (dyn_filesz);
|
||||
Elf32_Dyn (*d32)[dyn_filesz / sizeof (Elf32_Dyn)] = dyns;
|
||||
Elf64_Dyn (*d64)[dyn_filesz / sizeof (Elf64_Dyn)] = dyns;
|
||||
Index: elfutils-0.175/libdwfl/ChangeLog
|
||||
===================================================================
|
||||
--- elfutils-0.175.orig/libdwfl/ChangeLog
|
||||
+++ elfutils-0.175/libdwfl/ChangeLog
|
||||
@@ -1,3 +1,8 @@
|
||||
+2019-01-20 Mark Wielaard <mark@klomp.org>
|
||||
+
|
||||
+ * dwfl_segment_report_module.c (dwfl_segment_report_module): Check
|
||||
+ dyn_filesz vs dyn_data_size after read_portion call.
|
||||
+
|
||||
2018-10-20 Mark Wielaard <mark@klomp.org>
|
||||
|
||||
* libdwflP.h (__libdw_open_elf): New internal function declaration.
|
||||
Reference in New Issue
Block a user