Message ID | 20230504090355.1212654-1-deepadeepthi98@gmail.com |
---|---|
State | New |
Headers | show |
Series | [V2] binutils : Fix CVE-2023-1972 | expand |
Thanks for helping with CVE fixes! In the future if you are going to submit multiple patches for a recipe it would be helpful to submit them as a series rather than individual patches against the current top of tree. This will save me from having to do manual fixups for each patch after the first. Best regards, Steve On Wed, May 3, 2023 at 11:04 PM Deepthi Hemraj <deepadeepthi98@gmail.com> wrote: > > Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=blobdiff;f=bfd/elf.c;h=185028cbd97ae0901c4276c8a4787b12bb75875a;hp=027d01437352555bc4ac0717cb0486c751a7775d;hb=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57;hpb=f2f9bde5cde7ff34ed0a4c4682a211d402aa1086] > > Signed-off-by: Deepthi Hemraj <deepadeepthi98@gmail.com> > --- > .../binutils/binutils-2.40.inc | 1 + > .../binutils/0017-CVE-2023-1972.patch | 40 +++++++++++++++++++ > 2 files changed, 41 insertions(+) > create mode 100644 meta/recipes-devtools/binutils/binutils/0017-CVE-2023-1972.patch > > diff --git a/meta/recipes-devtools/binutils/binutils-2.40.inc b/meta/recipes-devtools/binutils/binutils-2.40.inc > index 93631ca3d7..9df8715074 100644 > --- a/meta/recipes-devtools/binutils/binutils-2.40.inc > +++ b/meta/recipes-devtools/binutils/binutils-2.40.inc > @@ -35,5 +35,6 @@ SRC_URI = "\ > file://0014-configure-remove-dependencies-on-gmp-and-mpfr-when-g.patch \ > file://0015-Remove-duplicate-pe-dll.o-entry-deom-targ_extra_ofil.patch \ > file://0016-CVE-2023-25586.patch \ > + file://0017-CVE-2023-1972.patch \ > " > S = "${WORKDIR}/git" > diff --git a/meta/recipes-devtools/binutils/binutils/0017-CVE-2023-1972.patch b/meta/recipes-devtools/binutils/binutils/0017-CVE-2023-1972.patch > new file mode 100644 > index 0000000000..6a84936730 > --- /dev/null > +++ b/meta/recipes-devtools/binutils/binutils/0017-CVE-2023-1972.patch > @@ -0,0 +1,40 @@ > +From: Nick Clifton <nickc@redhat.com> > +Date: Thu, 30 Mar 2023 09:10:09 +0000 (+0100) > +Subject: Fix an illegal memory access when an accessing a zer0-lengthverdef table. > +X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57 > + > +Fix an illegal memory access when an accessing a zer0-lengthverdef table. > + > + PR 30285 > + * elf.c (_bfd_elf_slurp_version_tables): Fail if no version definitions are allocated. > + > +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57] > + > +CVE: CVE-2023-1972 > + > +Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> > +--- > + > +diff --git a/bfd/elf.c b/bfd/elf.c > +index 027d0143735..185028cbd97 100644 > +--- a/bfd/elf.c > ++++ b/bfd/elf.c > +@@ -9030,6 +9030,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver) > + bfd_set_error (bfd_error_file_too_big); > + goto error_return_verdef; > + } > ++ > ++ if (amt == 0) > ++ goto error_return_verdef; > + elf_tdata (abfd)->verdef = (Elf_Internal_Verdef *) bfd_zalloc (abfd, amt); > + if (elf_tdata (abfd)->verdef == NULL) > + goto error_return_verdef; > +@@ -9133,6 +9136,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver) > + bfd_set_error (bfd_error_file_too_big); > + goto error_return; > + } > ++ if (amt == 0) > ++ goto error_return; > + elf_tdata (abfd)->verdef = (Elf_Internal_Verdef *) bfd_zalloc (abfd, amt); > + if (elf_tdata (abfd)->verdef == NULL) > + goto error_return; > -- > 2.34.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#180857): https://lists.openembedded.org/g/openembedded-core/message/180857 > Mute This Topic: https://lists.openembedded.org/mt/98680180/3620601 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta/recipes-devtools/binutils/binutils-2.40.inc b/meta/recipes-devtools/binutils/binutils-2.40.inc index 93631ca3d7..9df8715074 100644 --- a/meta/recipes-devtools/binutils/binutils-2.40.inc +++ b/meta/recipes-devtools/binutils/binutils-2.40.inc @@ -35,5 +35,6 @@ SRC_URI = "\ file://0014-configure-remove-dependencies-on-gmp-and-mpfr-when-g.patch \ file://0015-Remove-duplicate-pe-dll.o-entry-deom-targ_extra_ofil.patch \ file://0016-CVE-2023-25586.patch \ + file://0017-CVE-2023-1972.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/0017-CVE-2023-1972.patch b/meta/recipes-devtools/binutils/binutils/0017-CVE-2023-1972.patch new file mode 100644 index 0000000000..6a84936730 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0017-CVE-2023-1972.patch @@ -0,0 +1,40 @@ +From: Nick Clifton <nickc@redhat.com> +Date: Thu, 30 Mar 2023 09:10:09 +0000 (+0100) +Subject: Fix an illegal memory access when an accessing a zer0-lengthverdef table. +X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57 + +Fix an illegal memory access when an accessing a zer0-lengthverdef table. + + PR 30285 + * elf.c (_bfd_elf_slurp_version_tables): Fail if no version definitions are allocated. + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57] + +CVE: CVE-2023-1972 + +Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> +--- + +diff --git a/bfd/elf.c b/bfd/elf.c +index 027d0143735..185028cbd97 100644 +--- a/bfd/elf.c ++++ b/bfd/elf.c +@@ -9030,6 +9030,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver) + bfd_set_error (bfd_error_file_too_big); + goto error_return_verdef; + } ++ ++ if (amt == 0) ++ goto error_return_verdef; + elf_tdata (abfd)->verdef = (Elf_Internal_Verdef *) bfd_zalloc (abfd, amt); + if (elf_tdata (abfd)->verdef == NULL) + goto error_return_verdef; +@@ -9133,6 +9136,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver) + bfd_set_error (bfd_error_file_too_big); + goto error_return; + } ++ if (amt == 0) ++ goto error_return; + elf_tdata (abfd)->verdef = (Elf_Internal_Verdef *) bfd_zalloc (abfd, amt); + if (elf_tdata (abfd)->verdef == NULL) + goto error_return;
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=blobdiff;f=bfd/elf.c;h=185028cbd97ae0901c4276c8a4787b12bb75875a;hp=027d01437352555bc4ac0717cb0486c751a7775d;hb=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57;hpb=f2f9bde5cde7ff34ed0a4c4682a211d402aa1086] Signed-off-by: Deepthi Hemraj <deepadeepthi98@gmail.com> --- .../binutils/binutils-2.40.inc | 1 + .../binutils/0017-CVE-2023-1972.patch | 40 +++++++++++++++++++ 2 files changed, 41 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/0017-CVE-2023-1972.patch