binutils : CVE-2022-38533

Message ID	20220905152028.3596809-1-pgowda.cve@gmail.com
State	Accepted, archived
Commit	a7e44505667b60a160e9f1ad82105a181c747781
Headers	show Return-Path: <pgowda.cve@gmail.com> ip: 209.85.214.178, mailfrom: pgowda.cve@gmail.com) From: pgowda.cve@gmail.com To: openembedded-core@lists.openembedded.org Cc: randy.macleod@windriver.com, pgowda <pgowda.cve@gmail.com> Subject: [PATCH] binutils : CVE-2022-38533 Date: Mon, 5 Sep 2022 20:50:28 +0530 Message-Id: <20220905152028.3596809-1-pgowda.cve@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	binutils : CVE-2022-38533 \| expand binutils : CVE-2022-38533

Message ID

20220905152028.3596809-1-pgowda.cve@gmail.com

State

Accepted, archived

Commit

a7e44505667b60a160e9f1ad82105a181c747781

Headers

From: pgowda.cve@gmail.com
To: openembedded-core@lists.openembedded.org
Cc: randy.macleod@windriver.com,
	pgowda <pgowda.cve@gmail.com>
Subject: [PATCH] binutils : CVE-2022-38533
Date: Mon,  5 Sep 2022 20:50:28 +0530
Message-Id: <20220905152028.3596809-1-pgowda.cve@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

binutils : CVE-2022-38533 | expand

Commit Message

Pgowda Sept. 5, 2022, 3:20 p.m. UTC

From: pgowda <pgowda.cve@gmail.com>

Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797]

Signed-off-by: pgowda <pgowda.cve@gmail.com>
---
 .../binutils/binutils-2.39.inc                |  1 +
 .../binutils/0013-CVE-2022-38533.patch        | 36 +++++++++++++++++++
 2 files changed, 37 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/0013-CVE-2022-38533.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.39.inc b/meta/recipes-devtools/binutils/binutils-2.39.inc
index 89612a3eae..37627c8f93 100644
--- a/meta/recipes-devtools/binutils/binutils-2.39.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.39.inc
@@ -31,5 +31,6 @@  SRC_URI = "\
      file://0010-sync-with-OE-libtool-changes.patch \
      file://0011-Check-for-clang-before-checking-gcc-version.patch \
      file://0012-Only-generate-an-RPATH-entry-if-LD_RUN_PATH-is-not-e.patch \
+     file://0013-CVE-2022-38533.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0013-CVE-2022-38533.patch b/meta/recipes-devtools/binutils/binutils/0013-CVE-2022-38533.patch
new file mode 100644
index 0000000000..5d9ac2cb1f
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0013-CVE-2022-38533.patch
@@ -0,0 +1,36 @@ 
+From ef186fe54aa6d281a3ff8a9528417e5cc614c797 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sat, 13 Aug 2022 15:32:47 +0930
+Subject: [PATCH] PR29482 - strip: heap-buffer-overflow
+
+	PR 29482
+	* coffcode.h (coff_set_section_contents): Sanity check _LIB.
+
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797]
+
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+
+---
+ bfd/coffcode.h | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/bfd/coffcode.h b/bfd/coffcode.h
+index 67aaf158ca1..52027981c3f 100644
+--- a/bfd/coffcode.h
++++ b/bfd/coffcode.h
+@@ -4302,10 +4302,13 @@ coff_set_section_contents (bfd * abfd,
+ 
+ 	rec = (bfd_byte *) location;
+ 	recend = rec + count;
+-	while (rec < recend)
++	while (recend - rec >= 4)
+ 	  {
++	    size_t len = bfd_get_32 (abfd, rec);
++	    if (len == 0 || len > (size_t) (recend - rec) / 4)
++	      break;
++	    rec += len * 4;
+ 	    ++section->lma;
+-	    rec += bfd_get_32 (abfd, rec) * 4;
+ 	  }
+ 
+ 	BFD_ASSERT (rec == recend);

binutils : CVE-2022-38533

Commit Message

Patch