[kirkstone,07/15] binutils : Fix CVE-2023-25585

Message ID	033db4876844b17de7673970860eb155d15c56e7.1683386547.git.steve@sakoman.com
State	New, archived
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.210.171, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 07/15] binutils : Fix CVE-2023-25585 Date: Sat, 6 May 2023 05:24:37 -1000 Message-Id: <033db4876844b17de7673970860eb155d15c56e7.1683386547.git.steve@sakoman.com> In-Reply-To: <cover.1683386547.git.steve@sakoman.com> References: <cover.1683386547.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[kirkstone,01/15] ffmpeg: fix for CVE-2022-48434 \| expand [kirkstone,01/15] ffmpeg: fix for CVE-2022-48434 [kirkstone,02/15] connman: fix CVE-2023-28488 DoS in client.c [kirkstone,03/15] freetype: fix CVE-2023-2004 integer overflowin in tt_hvadvance_adjust() in src/tr… [kirkstone,04/15] go: fix CVE-2023-24534 denial of service from excessive memory allocation [kirkstone,05/15] go: Security fix for CVE-2023-24538 [kirkstone,06/15] binutils : Fix CVE-2023-25584 [kirkstone,07/15] binutils : Fix CVE-2023-25585 [kirkstone,08/15] binutils : Fix CVE-2023-1972 [kirkstone,09/15] binutils : Fix CVE-2023-25588 [kirkstone,10/15] webkitgtk: fix CVE-2022-32888 & CVE-2022-32923 [kirkstone,11/15] python3-cryptography: fix for CVE-2023-23931 [kirkstone,12/15] wic/bootimg-efi: if fixed-size is set then use that for mkdosfs [kirkstone,13/15] kernel-devicetree: allow specification of dtb directory [kirkstone,14/15] libbsd: Add correct license for all packages [kirkstone,15/15] run-postinsts: Set dependency for ldconfig to avoid boot issues

Message ID

033db4876844b17de7673970860eb155d15c56e7.1683386547.git.steve@sakoman.com

State

New, archived

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 07/15] binutils : Fix CVE-2023-25585
Date: Sat,  6 May 2023 05:24:37 -1000
Message-Id: 
 <033db4876844b17de7673970860eb155d15c56e7.1683386547.git.steve@sakoman.com>
In-Reply-To: <cover.1683386547.git.steve@sakoman.com>
References: <cover.1683386547.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[kirkstone,01/15] ffmpeg: fix for CVE-2022-48434 | expand

Commit Message

Steve Sakoman May 6, 2023, 3:24 p.m. UTC

From: Deepthi Hemraj <deepadeepthi98@gmail.com>

Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7]

Signed-off-by: Deepthi Hemraj <deepadeepthi98@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../binutils/binutils-2.38.inc                |  1 +
 .../binutils/0023-CVE-2023-25585.patch        | 54 +++++++++++++++++++
 2 files changed, 55 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/0023-CVE-2023-25585.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc
index 69fb8539ba..408b503644 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -53,5 +53,6 @@  SRC_URI = "\
      file://0022-CVE-2023-25584-1.patch \
      file://0022-CVE-2023-25584-2.patch \
      file://0022-CVE-2023-25584-3.patch \
+     file://0023-CVE-2023-25585.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0023-CVE-2023-25585.patch b/meta/recipes-devtools/binutils/binutils/0023-CVE-2023-25585.patch
new file mode 100644
index 0000000000..e31a027b9f
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0023-CVE-2023-25585.patch
@@ -0,0 +1,54 @@ 
+From: Alan Modra <amodra@gmail.com>
+Date: Mon, 12 Dec 2022 08:31:08 +0000 (+1030)
+Subject: PR29892, Field file_table of struct module is uninitialized
+X-Git-Tag: gdb-13-branchpoint~86
+X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7
+
+PR29892, Field file_table of struct module is uninitialized
+
+	PR 29892
+	* vms-alphs.c (new_module): Use bfd_zmalloc to alloc file_table.
+	(parse_module): Rewrite file_table reallocation code and clear.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7]
+
+CVE: CVE-2023-25585
+
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+
+---
+
+diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c
+index 3b63259cc81..6ee7060b0b2 100644
+--- a/bfd/vms-alpha.c
++++ b/bfd/vms-alpha.c
+@@ -4337,7 +4337,7 @@ new_module (bfd *abfd)
+     = (struct module *) bfd_zalloc (abfd, sizeof (struct module));
+   module->file_table_count = 16; /* Arbitrary.  */
+   module->file_table
+-    = bfd_malloc (module->file_table_count * sizeof (struct fileinfo));
++    = bfd_zmalloc (module->file_table_count * sizeof (struct fileinfo));
+   return module;
+ }
+
+@@ -4520,15 +4520,18 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+		       src_ptr + DST_S_B_SRC_DF_FILENAME,
+		       ptr + rec_length - (src_ptr + DST_S_B_SRC_DF_FILENAME));
+
+-		    while (fileid >= module->file_table_count)
++		    if (fileid >= module->file_table_count)
+		      {
+-			module->file_table_count *= 2;
++			unsigned int old_count = module->file_table_count;
++			module->file_table_count += fileid;
+			module->file_table
+			  = bfd_realloc_or_free (module->file_table,
+						 module->file_table_count
+						 * sizeof (struct fileinfo));
+			if (module->file_table == NULL)
+			  return false;
++			memset (module->file_table + old_count, 0,
++				fileid * sizeof (struct fileinfo));
+		      }
+
+		    module->file_table [fileid].name = filename;

[kirkstone,07/15] binutils : Fix CVE-2023-25585

Commit Message

Patch