diff options
Diffstat (limited to 'poky/meta/recipes-devtools/binutils/binutils/CVE-2018-8945.patch')
-rw-r--r-- | poky/meta/recipes-devtools/binutils/binutils/CVE-2018-8945.patch | 70 |
1 files changed, 0 insertions, 70 deletions
diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-8945.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-8945.patch deleted file mode 100644 index 6a43168b8..000000000 --- a/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-8945.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 95a6d23566165208853a68d9cd3c6eedca840ec6 Mon Sep 17 00:00:00 2001 -From: Nick Clifton <nickc@redhat.com> -Date: Tue, 8 May 2018 12:51:06 +0100 -Subject: [PATCH] Prevent a memory exhaustion failure when running objdump on a - fuzzed input file with corrupt string and attribute sections. - - PR 22809 - * elf.c (bfd_elf_get_str_section): Check for an excessively large - string section. - * elf-attrs.c (_bfd_elf_parse_attributes): Issue an error if the - attribute section is larger than the size of the file. - -Upsteram-Status: Backport -Affects: Binutils <= 2.30 -CVE: CVE-2018-8945 -Signed-off-by: Armin kuster <akuster@mvista.com> ---- - bfd/ChangeLog | 8 ++++++++ - bfd/elf-attrs.c | 9 +++++++++ - bfd/elf.c | 1 + - 3 files changed, 18 insertions(+) - -Index: git/bfd/elf-attrs.c -=================================================================== ---- git.orig/bfd/elf-attrs.c -+++ git/bfd/elf-attrs.c -@@ -438,6 +438,15 @@ _bfd_elf_parse_attributes (bfd *abfd, El - /* PR 17512: file: 2844a11d. */ - if (hdr->sh_size == 0) - return; -+ if (hdr->sh_size > bfd_get_file_size (abfd)) -+ { -+ /* xgettext:c-format */ -+ _bfd_error_handler (_("%pB: error: attribute section '%pA' too big: %#llx"), -+ abfd, hdr->bfd_section, (long long) hdr->sh_size); -+ bfd_set_error (bfd_error_invalid_operation); -+ return; -+ } -+ - contents = (bfd_byte *) bfd_malloc (hdr->sh_size + 1); - if (!contents) - return; -Index: git/bfd/elf.c -=================================================================== ---- git.orig/bfd/elf.c -+++ git/bfd/elf.c -@@ -298,6 +298,7 @@ bfd_elf_get_str_section (bfd *abfd, unsi - /* Allocate and clear an extra byte at the end, to prevent crashes - in case the string table is not terminated. */ - if (shstrtabsize + 1 <= 1 -+ || shstrtabsize > bfd_get_file_size (abfd) - || bfd_seek (abfd, offset, SEEK_SET) != 0 - || (shstrtab = (bfd_byte *) bfd_alloc (abfd, shstrtabsize + 1)) == NULL) - shstrtab = NULL; -Index: git/bfd/ChangeLog -=================================================================== ---- git.orig/bfd/ChangeLog -+++ git/bfd/ChangeLog -@@ -1,3 +1,11 @@ -+2018-05-08 Nick Clifton <nickc@redhat.com> -+ -+ PR 22809 -+ * elf.c (bfd_elf_get_str_section): Check for an excessively large -+ string section. -+ * elf-attrs.c (_bfd_elf_parse_attributes): Issue an error if the -+ attribute section is larger than the size of the file. -+ - 2018-02-07 Alan Modra <amodra@gmail.com> - - Revert 2018-01-17 Alan Modra <amodra@gmail.com> |