
binutils : Fix CVE-2018-6543.

Change-Id: Ib7110a7f3b67f0e7959a681ce126e6227f12249f
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/4840
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Xiaolin Li <xiaolinl@vmware.com>

Xiaolin Li authored on 2018/03/01 09:57:10
Showing 2 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,42 @@
0
+From f2023ce7e8d70b0155cc6206c901e185260918f0 Mon Sep 17 00:00:00 2001
1
+From: Alan Modra <amodra@gmail.com>
2
+Date: Thu, 1 Feb 2018 18:01:00 +1030
3
+Subject: [PATCH] PR22769, crash when running 32-bit objdump on corrupted file
4
+
5
+	PR 22769
6
+	* objdump.c (load_specific_debug_section): Check for overflow
7
+	when adding one to section size for a string section terminator.
8
+---
9
+ binutils/ChangeLog | 6 ++++++
10
+ binutils/objdump.c | 7 +++++--
11
+ 2 files changed, 11 insertions(+), 2 deletions(-)
12
+
13
+diff --git a/binutils/objdump.c b/binutils/objdump.c
14
+index 6c4d936..d8dca90 100644
15
+--- a/binutils/objdump.c
16
+@@ -2466,6 +2466,7 @@ load_specific_debug_section (enum dwarf_section_display_enum debug,
17
+   struct dwarf_section *section = &debug_displays [debug].section;
18
+   bfd *abfd = (bfd *) file;
19
+   bfd_byte *contents;
20
++  bfd_size_type amt;
21
+ 
22
+   if (section->start != NULL)
23
+     {
24
+@@ -2480,9 +2481,11 @@ load_specific_debug_section (enum dwarf_section_display_enum debug,
25
+   section->num_relocs = 0;
26
+   section->address = bfd_get_section_vma (abfd, sec);
27
+   section->size = bfd_get_section_size (sec);
28
+-  section->start = contents = malloc (section->size + 1);
29
++  amt = section->size + 1;
30
++  section->start = contents = malloc (amt);
31
+   section->user_data = sec;
32
+-  if (section->start == NULL
33
++  if (amt == 0
34
++      || section->start == NULL
35
+       || !bfd_get_full_section_contents (abfd, sec, &contents))
36
+     {
37
+       free_debug_section (debug);
38
+-- 
39
+2.9.3
40
+
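Review bot: The `amt == 0` guard in the second objdump.c hunk detects wraparound only within `bfd_size_type`, and it is evaluated after `malloc (amt)` has already run. Whether `bfd_size_type` can be wider than `size_t` in the configurations Photon builds is not visible here; if it can, `section->size + 1` may be non-zero and still be truncated when converted for `malloc`, so the buffer may be smaller than what `bfd_get_full_section_contents` then loads into it. A follow-up could widen the guard to `if (amt == 0 || amt != (size_t) amt || section->start == NULL`, and ideally test `amt` before allocating. `load_specific_debug_section` starts and ends outside the embedded hunks, so the cleanup done by `free_debug_section` on this path cannot be confirmed from the page.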
... ...
@@ -1,7 +1,7 @@
1 1
 Summary:        Contains a linker, an assembler, and other tools
2 2
 Name:           binutils
3 3
 Version:        2.30
4
-Release:        1%{?dist}
4
+Release:        2%{?dist}
5 5
 License:        GPLv2+
6 6
 URL:            http://www.gnu.org/software/binutils
7 7
 Group:          System Environment/Base
... ...
@@ -9,7 +9,7 @@ Vendor:         VMware, Inc.
9 9
 Distribution:   Photon
10 10
 Source0:        http://ftp.gnu.org/gnu/binutils/%{name}-%{version}.tar.xz
11 11
 %define sha1 binutils=574d3b5650413d6ee65195a4f5ecbddc3a38f718
12
-
12
+Patch0:         binutils-2.30-CVE-2018-6543.patch
13 13
 %description
14 14
 The Binutils package contains a linker, an assembler,
15 15
 and other tools for handling object files.
... ...
@@ -17,11 +17,11 @@ and other tools for handling object files.
17 17
 Summary:    Header and development files for binutils
18 18
 Requires:   %{name} = %{version}
19 19
 %description    devel
20
-It contains the libraries and header files to create applications 
20
+It contains the libraries and header files to create applications
21 21
 for handling compiled objects.
22 22
 %prep
23 23
 %setup -q
24
-
24
+%patch0 -p1
25 25
 %build
26 26
 install -vdm 755 ../binutils-build
27 27
 cd ../binutils-build
... ...
@@ -108,6 +108,8 @@ make %{?_smp_mflags} check
108 108
 %{_libdir}/libopcodes.so
109 109
 
110 110
 %changelog
111
+*   Wed Feb 28 2018 Xiaolin Li <xiaolinl@vmware.com> 2.30-2
112
+-   Fix CVE-2018-6543.
111 113
 *   Mon Jan 29 2018 Xiaolin Li <xiaolinl@vmware.com> 2.30-1
112 114
 -   Update to version 2.30
113 115
 *   Mon Dec 18 2017 Anish Swaminathan <anishs@vmware.com> 2.29.1-5