Browse code
binutils : Fix CVE-2018-6543.
Change-Id: I6283478a563260195d3db73e8602f9cf6f1a478b
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/4838
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Sharath George
Xiaolin Li authored on 2018/03/01 09:39:36Showing 2 changed files
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,42 @@ |
| 0 |
+From f2023ce7e8d70b0155cc6206c901e185260918f0 Mon Sep 17 00:00:00 2001 |
|
| 1 |
+From: Alan Modra <amodra@gmail.com> |
|
| 2 |
+Date: Thu, 1 Feb 2018 18:01:00 +1030 |
|
| 3 |
+Subject: [PATCH] PR22769, crash when running 32-bit objdump on corrupted file |
|
| 4 |
+ |
|
| 5 |
+ PR 22769 |
|
| 6 |
+ * objdump.c (load_specific_debug_section): Check for overflow |
|
| 7 |
+ when adding one to section size for a string section terminator. |
|
| 8 |
+--- |
|
| 9 |
+ binutils/ChangeLog | 6 ++++++ |
|
| 10 |
+ binutils/objdump.c | 7 +++++-- |
|
| 11 |
+ 2 files changed, 11 insertions(+), 2 deletions(-) |
|
| 12 |
+ |
|
| 13 |
+diff --git a/binutils/objdump.c b/binutils/objdump.c |
|
| 14 |
+index 6c4d936..d8dca90 100644 |
|
| 15 |
+--- a/binutils/objdump.c |
|
| 16 |
+@@ -2466,6 +2466,7 @@ load_specific_debug_section (enum dwarf_section_display_enum debug, |
|
| 17 |
+ struct dwarf_section *section = &debug_displays [debug].section; |
|
| 18 |
+ bfd *abfd = (bfd *) file; |
|
| 19 |
+ bfd_byte *contents; |
|
| 20 |
++ bfd_size_type amt; |
|
| 21 |
+ |
|
| 22 |
+ if (section->start != NULL) |
|
| 23 |
+ {
|
|
| 24 |
+@@ -2480,9 +2481,11 @@ load_specific_debug_section (enum dwarf_section_display_enum debug, |
|
| 25 |
+ section->num_relocs = 0; |
|
| 26 |
+ section->address = bfd_get_section_vma (abfd, sec); |
|
| 27 |
+ section->size = bfd_get_section_size (sec); |
|
| 28 |
+- section->start = contents = malloc (section->size + 1); |
|
| 29 |
++ amt = section->size + 1; |
|
| 30 |
++ section->start = contents = malloc (amt); |
|
| 31 |
+ section->user_data = sec; |
|
| 32 |
+- if (section->start == NULL |
|
| 33 |
++ if (amt == 0 |
|
| 34 |
++ || section->start == NULL |
|
| 35 |
+ || !bfd_get_full_section_contents (abfd, sec, &contents)) |
|
| 36 |
+ {
|
|
| 37 |
+ free_debug_section (debug); |
|
| 38 |
+-- |
|
| 39 |
+2.9.3 |
|
| 40 |
+ |
| ... | ... |
@@ -1,7 +1,7 @@ |
| 1 | 1 |
Summary: Contains a linker, an assembler, and other tools |
| 2 | 2 |
Name: binutils |
| 3 | 3 |
Version: 2.30 |
| 4 |
-Release: 1%{?dist}
|
|
| 4 |
+Release: 2%{?dist}
|
|
| 5 | 5 |
License: GPLv2+ |
| 6 | 6 |
URL: http://www.gnu.org/software/binutils |
| 7 | 7 |
Group: System Environment/Base |
| ... | ... |
@@ -9,6 +9,7 @@ Vendor: VMware, Inc. |
| 9 | 9 |
Distribution: Photon |
| 10 | 10 |
Source0: http://ftp.gnu.org/gnu/binutils/%{name}-%{version}.tar.xz
|
| 11 | 11 |
%define sha1 binutils=574d3b5650413d6ee65195a4f5ecbddc3a38f718 |
| 12 |
+Patch0: binutils-2.30-CVE-2018-6543.patch |
|
| 12 | 13 |
%description |
| 13 | 14 |
The Binutils package contains a linker, an assembler, |
| 14 | 15 |
and other tools for handling object files. |
| ... | ... |
@@ -20,6 +21,7 @@ It contains the libraries and header files to create applications |
| 20 | 20 |
for handling compiled objects. |
| 21 | 21 |
%prep |
| 22 | 22 |
%setup -q |
| 23 |
+%patch0 -p1 |
|
| 23 | 24 |
|
| 24 | 25 |
%build |
| 25 | 26 |
install -vdm 755 ../binutils-build |
| ... | ... |
@@ -107,6 +109,8 @@ make %{?_smp_mflags} check
|
| 107 | 107 |
%{_libdir}/libopcodes.so
|
| 108 | 108 |
|
| 109 | 109 |
%changelog |
| 110 |
+* Wed Feb 28 2018 Xiaolin Li <xiaolinl@vmware.com> 2.30-2 |
|
| 111 |
+- Fix CVE-2018-6543. |
|
| 110 | 112 |
* Mon Jan 29 2018 Xiaolin Li <xiaolinl@vmware.com> 2.30-1 |
| 111 | 113 |
- Update to version 2.30 |
| 112 | 114 |
* Mon Dec 18 2017 Anish Swaminathan <anishs@vmware.com> 2.29.1-4 |