code.ossystems Code Review - openembedded-core.git/commit

binutils: Fix CVE-2017-6965 and CVE-2017-6966

Backport upstream commit to address vulnerabilities:

CVE: CVE-2017-6965
[BZ 21137] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21137

Fix readelf writing to illegal addresses whilst processing corrupt input
files containing symbol-difference relocations.

PR binutils/21137
* readelf.c (target_specific_reloc_handling): Add end parameter.
Check for buffer overflow before writing relocated values.
(apply_relocations): Pass end to target_specific_reloc_handling.

CVE: CVE-2017-6966
[BZ 21139] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21139

Fix read-after-free error in readelf when processing multiple, relocated
sections in an MSP430 binary.

PR binutils/21139
* readelf.c (target_specific_reloc_handling): Add num_syms
parameter. Check for symbol table overflow before accessing
symbol value. If reloc pointer is NULL, discard all saved state.
(apply_relocations): Pass num_syms to target_specific_reloc_handling.
Call target_specific_reloc_handling with a NULL reloc pointer
after processing all of the relocs.

Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

author	Yuanjie Huang <yuanjie.huang@windriver.com>
	Tue, 11 Apr 2017 07:00:24 +0000 (00:00 -0700)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Tue, 11 Apr 2017 17:09:20 +0000 (18:09 +0100)
commit	8c52a530ba2beb438aa47956bcec3777a1eafe5f
tree	0c437489a36ea00c5986fc2081c654c52ba95491	tree \| snapshot
parent	378b333fb09d106fb04901f5a4362fc0eb076e82	commit \| diff

meta/recipes-devtools/binutils/binutils-2.28.inc		diff \| blob \| history
meta/recipes-devtools/binutils/binutils/CVE-2017-6965.patch	[new file with mode: 0644]	blob
meta/recipes-devtools/binutils/binutils/CVE-2017-6966.patch	[new file with mode: 0644]	blob