code.ossystems Code Review - openembedded-core.git/commit
binutils: Fix CVE-2017-6965 and CVE-2017-6966
author Yuanjie Huang <Yuanjie.Huang@windriver.com>
Tue, 11 Apr 2017 01:58:34 +0000 (18:58 -0700)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Thu, 18 May 2017 12:04:47 +0000 (13:04 +0100)
commit 477afc5634698d6c5cdb6d7705a31d859495695d
tree f25f5e68ee0b349f572a3c354b0a1a23c36007ba
parent 00ff70dc6284a510e4fe3acfaae6b59663fd3141
binutils: Fix CVE-2017-6965 and CVE-2017-6966

Backport upstream commit to address vulnerabilities:

CVE: CVE-2017-6965
[BZ 21137] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21137

Fix readelf writing to illegal addresses whilst processing corrupt input
files containing symbol-difference relocations.

PR binutils/21137
* readelf.c (target_specific_reloc_handling): Add end parameter.
Check for buffer overflow before writing relocated values.
(apply_relocations): Pass end to target_specific_reloc_handling.

CVE: CVE-2017-6966
[BZ 21139] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21139

Fix read-after-free error in readelf when processing multiple, relocated
sections in an MSP430 binary.

PR binutils/21139
* readelf.c (target_specific_reloc_handling): Add num_syms
parameter.  Check for symbol table overflow before accessing
symbol value.  If reloc pointer is NULL, discard all saved state.
(apply_relocations): Pass num_syms to target_specific_reloc_handling.
Call target_specific_reloc_handling with a NULL reloc pointer
after processing all of the relocs.

Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta/recipes-devtools/binutils/binutils-2.27.inc
meta/recipes-devtools/binutils/binutils/CVE-2017-6965.patch [new file with mode: 0644]
meta/recipes-devtools/binutils/binutils/CVE-2017-6966.patch [new file with mode: 0644]
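
The checks the commit message describes (bounds check before writing a relocated value, symbol index check against num_syms, and discarding saved state on a NULL reloc), shown as an added illustration that is not the binutils patch or any code from this commit. The names handle_reloc, struct reloc and saved_sym, the little-endian store and the sample values are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>

struct reloc {               /* hypothetical, simplified relocation record */
    uint64_t offset;         /* byte offset of the patch site in the section */
    size_t   sym_index;      /* index into the section's symbol table */
    int      is_first;       /* 1: remember this symbol, 0: write the difference */
    unsigned size;           /* bytes to write, 1 to 4 */
};

/* State carried from the first reloc of a pair to the second. It points into
   the current section's symbol table, so it must not outlive that table. */
static const uint64_t *saved_sym;

/* Returns 1 if the reloc was recorded or applied, 0 if it was rejected.
   r == NULL means "section finished": discard the saved state. */
int handle_reloc(const struct reloc *r, unsigned char *start, unsigned char *end,
                 const uint64_t *syms, size_t num_syms)
{
    if (r == NULL) { saved_sym = NULL; return 1; }
    if (r->sym_index >= num_syms)          /* symbol table overflow check */
        return 0;
    if (r->is_first) { saved_sym = &syms[r->sym_index]; return 1; }
    if (saved_sym == NULL)                 /* second half with no first half */
        return 0;

    size_t len = (size_t)(end - start);
    /* Compare offsets, not pointers: start + offset can wrap for a corrupt
       64-bit offset and slip past a naive "address < end" test. */
    if (r->size == 0 || r->size > 4 || r->size > len || r->offset > len - r->size) {
        saved_sym = NULL;
        return 0;
    }
    uint32_t diff = (uint32_t)(syms[r->sym_index] - *saved_sym);
    for (unsigned i = 0; i < r->size; i++)  /* little-endian store */
        start[r->offset + i] = (unsigned char)(diff >> (8 * i));
    saved_sym = NULL;
    return 1;
}

int main(void)
{
    unsigned char sec[8] = {0};                      /* constructed section data */
    const uint64_t syms[2] = {0x100, 0x140};         /* constructed symbol values */
    struct reloc a = {0, 0, 1, 4}, b = {6, 1, 0, 4}; /* b would overrun by 2 bytes */
    handle_reloc(&a, sec, sec + 8, syms, 2);
    return handle_reloc(&b, sec, sec + 8, syms, 2);  /* 0: rejected, nothing written */
}
```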