Browse code
BUG 2133412 : Fix for [CVE-2018-10373] in Binutils
Add a NULL check for table pointer before attempting to
compute a DWARF filename.
Change-Id: If098673dbe444ad9d805d3ca19e99816f976e2bc
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/5255
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Sharath George
Keerthana K authored on 2018/06/13 04:55:29Showing 2 changed files
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,15 @@ |
| 0 |
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c |
|
| 1 |
+index ca22db7..0f8257f 100644 |
|
| 2 |
+--- a/bfd/dwarf2.c |
|
| 3 |
+@@ -1566,7 +1566,7 @@ concat_filename (struct line_info_table *table, unsigned int file) |
|
| 4 |
+ {
|
|
| 5 |
+ char *filename; |
|
| 6 |
+ |
|
| 7 |
+- if (file - 1 >= table->num_files) |
|
| 8 |
++ if (table == NULL || file - 1 >= table->num_files) |
|
| 9 |
+ {
|
|
| 10 |
+ /* FILE == 0 means unknown. */ |
|
| 11 |
+ if (file) |
|
| 12 |
+-- |
|
| 13 |
+2.9.3 |
| ... | ... |
@@ -1,7 +1,7 @@ |
| 1 | 1 |
Summary: Contains a linker, an assembler, and other tools |
| 2 | 2 |
Name: binutils |
| 3 | 3 |
Version: 2.30 |
| 4 |
-Release: 3%{?dist}
|
|
| 4 |
+Release: 4%{?dist}
|
|
| 5 | 5 |
License: GPLv2+ |
| 6 | 6 |
URL: http://www.gnu.org/software/binutils |
| 7 | 7 |
Group: System Environment/Base |
| ... | ... |
@@ -12,6 +12,7 @@ Source0: http://ftp.gnu.org/gnu/binutils/%{name}-%{version}.tar.xz
|
| 12 | 12 |
Patch0: binutils-2.30-CVE-2018-6543.patch |
| 13 | 13 |
Patch1: binutils-2.30-CVE-2018-7643.patch |
| 14 | 14 |
Patch2: binutils-2.30-CVE-2018-7208.patch |
| 15 |
+Patch3: binutils-2.30-CVE-2018-10373.patch |
|
| 15 | 16 |
%description |
| 16 | 17 |
The Binutils package contains a linker, an assembler, |
| 17 | 18 |
and other tools for handling object files. |
| ... | ... |
@@ -28,6 +29,7 @@ for handling compiled objects. |
| 28 | 28 |
%patch0 -p1 |
| 29 | 29 |
%patch1 -p1 |
| 30 | 30 |
%patch2 -p1 |
| 31 |
+%patch3 -p1 |
|
| 31 | 32 |
%build |
| 32 | 33 |
install -vdm 755 ../binutils-build |
| 33 | 34 |
cd ../binutils-build |
| ... | ... |
@@ -115,6 +117,8 @@ make %{?_smp_mflags} check
|
| 115 | 115 |
%{_libdir}/libopcodes.so
|
| 116 | 116 |
|
| 117 | 117 |
%changelog |
| 118 |
+* Thu Jun 7 2018 Keerthana K <keerthanak@vmware.com> 2.30-4 |
|
| 119 |
+- Fix CVE-2018-10373 |
|
| 118 | 120 |
* Tue Apr 17 2018 Xiaolin Li <xiaolinl@vmware.com> 2.30-3 |
| 119 | 121 |
- Fix CVE-2018-7643, CVE-2018-7208 |
| 120 | 122 |
* Wed Feb 28 2018 Xiaolin Li <xiaolinl@vmware.com> 2.30-2 |