Change-Id: Ib7110a7f3b67f0e7959a681ce126e6227f12249f
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/4840
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Xiaolin Li <xiaolinl@vmware.com>
1 | 1 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,42 @@ |
0 |
+From f2023ce7e8d70b0155cc6206c901e185260918f0 Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Alan Modra <amodra@gmail.com> |
|
2 |
+Date: Thu, 1 Feb 2018 18:01:00 +1030 |
|
3 |
+Subject: [PATCH] PR22769, crash when running 32-bit objdump on corrupted file |
|
4 |
+ |
|
5 |
+ PR 22769 |
|
6 |
+ * objdump.c (load_specific_debug_section): Check for overflow |
|
7 |
+ when adding one to section size for a string section terminator. |
|
8 |
+--- |
|
9 |
+ binutils/ChangeLog | 6 ++++++ |
|
10 |
+ binutils/objdump.c | 7 +++++-- |
|
11 |
+ 2 files changed, 11 insertions(+), 2 deletions(-) |
|
12 |
+ |
|
13 |
+diff --git a/binutils/objdump.c b/binutils/objdump.c |
|
14 |
+index 6c4d936..d8dca90 100644 |
|
15 |
+--- a/binutils/objdump.c |
|
16 |
+@@ -2466,6 +2466,7 @@ load_specific_debug_section (enum dwarf_section_display_enum debug, |
|
17 |
+ struct dwarf_section *section = &debug_displays [debug].section; |
|
18 |
+ bfd *abfd = (bfd *) file; |
|
19 |
+ bfd_byte *contents; |
|
20 |
++ bfd_size_type amt; |
|
21 |
+ |
|
22 |
+ if (section->start != NULL) |
|
23 |
+ { |
|
24 |
+@@ -2480,9 +2481,11 @@ load_specific_debug_section (enum dwarf_section_display_enum debug, |
|
25 |
+ section->num_relocs = 0; |
|
26 |
+ section->address = bfd_get_section_vma (abfd, sec); |
|
27 |
+ section->size = bfd_get_section_size (sec); |
|
28 |
+- section->start = contents = malloc (section->size + 1); |
|
29 |
++ amt = section->size + 1; |
|
30 |
++ section->start = contents = malloc (amt); |
|
31 |
+ section->user_data = sec; |
|
32 |
+- if (section->start == NULL |
|
33 |
++ if (amt == 0 |
|
34 |
++ || section->start == NULL |
|
35 |
+ || !bfd_get_full_section_contents (abfd, sec, &contents)) |
|
36 |
+ { |
|
37 |
+ free_debug_section (debug); |
|
38 |
+-- |
|
39 |
+2.9.3 |
|
40 |
+ |
... | ... |
@@ -1,7 +1,7 @@ |
1 | 1 |
Summary: Contains a linker, an assembler, and other tools |
2 | 2 |
Name: binutils |
3 | 3 |
Version: 2.30 |
4 |
-Release: 1%{?dist} |
|
4 |
+Release: 2%{?dist} |
|
5 | 5 |
License: GPLv2+ |
6 | 6 |
URL: http://www.gnu.org/software/binutils |
7 | 7 |
Group: System Environment/Base |
... | ... |
@@ -9,7 +9,7 @@ Vendor: VMware, Inc. |
9 | 9 |
Distribution: Photon |
10 | 10 |
Source0: http://ftp.gnu.org/gnu/binutils/%{name}-%{version}.tar.xz |
11 | 11 |
%define sha1 binutils=574d3b5650413d6ee65195a4f5ecbddc3a38f718 |
12 |
- |
|
12 |
+Patch0: binutils-2.30-CVE-2018-6543.patch |
|
13 | 13 |
%description |
14 | 14 |
The Binutils package contains a linker, an assembler, |
15 | 15 |
and other tools for handling object files. |
... | ... |
@@ -17,11 +17,11 @@ and other tools for handling object files. |
17 | 17 |
Summary: Header and development files for binutils |
18 | 18 |
Requires: %{name} = %{version} |
19 | 19 |
%description devel |
20 |
-It contains the libraries and header files to create applications |
|
20 |
+It contains the libraries and header files to create applications |
|
21 | 21 |
for handling compiled objects. |
22 | 22 |
%prep |
23 | 23 |
%setup -q |
24 |
- |
|
24 |
+%patch0 -p1 |
|
25 | 25 |
%build |
26 | 26 |
install -vdm 755 ../binutils-build |
27 | 27 |
cd ../binutils-build |
... | ... |
@@ -108,6 +108,8 @@ make %{?_smp_mflags} check |
108 | 108 |
%{_libdir}/libopcodes.so |
109 | 109 |
|
110 | 110 |
%changelog |
111 |
+* Wed Feb 28 2018 Xiaolin Li <xiaolinl@vmware.com> 2.30-2 |
|
112 |
+- Fix CVE-2018-6543. |
|
111 | 113 |
* Mon Jan 29 2018 Xiaolin Li <xiaolinl@vmware.com> 2.30-1 |
112 | 114 |
- Update to version 2.30 |
113 | 115 |
* Mon Dec 18 2017 Anish Swaminathan <anishs@vmware.com> 2.29.1-5 |