GitList

Browse code

BUG 2133426 : Fix for [CVE-2018-10373] in binutils for 2.0

Add a NULL check for table pointer before attempting to
compute a DWARF filename.

Change-Id: Ie578617fa2214cfe38c7bfcc3d320c5edf917f60
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/5258
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Tapas Kundu <tkundu@vmware.com>
Reviewed-by: Sharath George

Keerthana K authored on 2018/06/13 22:17:06
Showing 2 changed files

SPECS/binutils/binutils-2.30-CVE-2018-10373.patch index 0000000..188145a
SPECS/binutils/binutils.spec index 3aaa6c8..646de76 100644

SPECS/binutils/binutils-2.30-CVE-2018-10373.patch

History View file @ 772f54c

                     new file mode 100644
@@ -0,0 +1,15 @@
                     +diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
                     +index ca22db7..0f8257f 100644
                     +--- a/bfd/dwarf2.c
                     +@@ -1566,7 +1566,7 @@ concat_filename (struct line_info_table *table, unsigned int file)
                     + {
                     +   char *filename;
+                    +
                     +-  if (file - 1 >= table->num_files)
                     ++  if (table == NULL || file - 1 >= table->num_files)
                     +     {
                     +       /* FILE == 0 means unknown.  */
                     +       if (file)
                     +--
                     +2.9.3

SPECS/binutils/binutils.spec

History View file @ 772f54c

@@ -1,7 +1,7 @@
                      Summary:        Contains a linker, an assembler, and other tools
                      Name:           binutils
                      Version:        2.30
                     -Release:        4%{?dist}
                     +Release:        5%{?dist}
                      License:        GPLv2+
                      URL:            http://www.gnu.org/software/binutils
                      Group:          System Environment/Base
@@ -12,6 +12,7 @@ Source0:        http://ftp.gnu.org/gnu/binutils/%{name}-%{version}.tar.xz
                      Patch0:         binutils-2.30-CVE-2018-6543.patch
                      Patch1:         binutils-2.30-CVE-2018-7643.patch
                      Patch2:         binutils-2.30-CVE-2018-7208.patch
                     +Patch3:         binutils-2.30-CVE-2018-10373.patch
                      %description
                      The Binutils package contains a linker, an assembler,
                      and other tools for handling object files.
@@ -26,6 +27,7 @@ for handling compiled objects.
                      %patch0 -p1
                      %patch1 -p1
                      %patch2 -p1
                     +%patch3 -p1
                      %build
                      install -vdm 755 ../binutils-build
@@ -116,6 +118,8 @@ make %{?_smp_mflags} check
                      %{_lib64dir}/libiberty.a
                      %changelog
                     +*   Thu Jun 12 2018 Keerthana K <keerthanak@vmware.com> 2.30-5
                     +-   Fix CVE-2018-10373
                      *   Tue Apr 17 2018 Xiaolin Li <xiaolinl@vmware.com> 2.30-4
                      -   Fix CVE-2018-7643, CVE-2018-7208
                      *   Mon Mar 19 2018 Alexey Makhalov <amakhalov@vmware.com> 2.30-3