binutils: CVE-2017-7226
authorThiruvadi Rajaraman <trajaraman@mvista.com>
Wed, 23 Aug 2017 08:36:58 +0000 (14:06 +0530)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Sun, 7 Jan 2018 17:09:43 +0000 (17:09 +0000)
Source: git://sourceware.org/git/binutils-gdb.git
MR: 74283
Type: Security Fix
Disposition: Backport from binutils_v2_28
ChangeID: 82097a4b98d3d576e1b1bfb7ac9ae17fd153c909
Description:

Use strnlen to avoid running over the end of the string buffer.

Affects: <= 2.28

Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta/recipes-devtools/binutils/binutils-2.27.inc
meta/recipes-devtools/binutils/binutils/CVE-2017-7226.patch [new file with mode: 0644]

index 3f8a5fe19cc75afcf4ec659c7406752f2c0979f2..3c29f660cda22529afeb2f268f7a31a30bab9e07 100644 (file)
@@ -52,6 +52,7 @@ SRC_URI = "\
      file://CVE-2017-9040_and_9042.patch \
      file://CVE-2017-9041_1.patch \
      file://CVE-2017-9041_2.patch \
+     file://CVE-2017-7226.patch \
 "
 S  = "${WORKDIR}/git"
 
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7226.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7226.patch
new file mode 100644 (file)
index 0000000..7525f34
--- /dev/null
@@ -0,0 +1,42 @@
+Fix seg-fault in the binutils utilities when reading a corrupt input file.
+
+PR binutils/20905
+* peicode.h (pe_ILF_object_p): Use strnlen to avoid running over
+the end of the string buffer.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7226
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog     2017-08-23 13:59:16.868424171 +0530
++++ git/bfd/ChangeLog  2017-08-23 14:03:22.683013823 +0530
+@@ -39,6 +39,12 @@
+        (bfd_elf_final_link): Only initialize the extended symbol index
+        section if there are extended symbol tables to list.
++2016-12-05  Nick Clifton  <nickc@redhat.com>
++ 
++       PR binutils/20905
++       * peicode.h (pe_ILF_object_p): Use strnlen to avoid running over
++       the end of the string buffer.
++
+ 2016-08-02  Nick Clifton  <nickc@redhat.com>
+       PR ld/17739
+Index: git/bfd/peicode.h
+===================================================================
+--- git.orig/bfd/peicode.h     2017-08-23 13:59:06.948319100 +0530
++++ git/bfd/peicode.h  2017-08-23 13:59:16.920424722 +0530
+@@ -1264,7 +1264,8 @@
+     }
+   symbol_name = (char *) ptr;
+-  source_dll  = symbol_name + strlen (symbol_name) + 1;
++  /* See PR 20905 for an example of where the strnlen is necessary.  */
++  source_dll  = symbol_name + strnlen (symbol_name, size - 1) + 1;
+   /* Verify that the strings are null terminated.  */
+   if (ptr[size - 1] != 0
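Review bot: The new bound `strnlen (symbol_name, size - 1)` in the peicode.h hunk is only safe if `size` is known to be non-zero at this point; if `size` is an unsigned type and zero reaches this line, `size - 1` wraps and the call degrades to the old unbounded scan. The guard that would establish this is not visible, because pe_ILF_object_p starts and ends outside the hunk, so for this backport it is worth confirming that the 2.27 tree rejects a zero size before the buffer is read. I would also have the comment state the invariant rather than only point at the PR, for example `/* size is non-zero here, so size - 1 cannot wrap; bounding the scan keeps source_dll no further than ptr + size when the input lacks a terminator (PR 20905).  */`. Separately, the `Upstream-Status: Backport` line in the patch header does not name the upstream commit; the ChangeID from the commit message, if that is the upstream hash, could be added there so the patch file stays traceable on its own.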