binutils: Security fix CVE-2017-8421

Affects: <= 2.28 (From OE-Core rev: 7442e97d451047e5f8ed2e23f5898837a7d572a7) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-11-26 13:27:38 -08:00 · 2017-11-26 13:27:38 -08:00 · ffdcca938b
parent 5d2f47f2a2
commit ffdcca938b
2 changed files with 53 additions and 0 deletions
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@ -50,6 +50,7 @@ SRC_URI = "\
     file://CVE-2017-8395.patch \
     file://CVE-2017-8396_8397.patch \
     file://CVE-2017-8398.patch \
+     file://CVE-2017-8421.patch \
 "
 S  = "${WORKDIR}/git"

--- a/meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch
@ -0,0 +1,52 @@
+From 39ff1b79f687b65f4144ddb379f22587003443fb Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 2 May 2017 11:54:53 +0100
+Subject: [PATCH] Prevent memory exhaustion from a corrupt PE binary with an
+ overlarge number of relocs.
+
+	PR 21440
+	* objdump.c (dump_relocs_in_section): Check for an excessive
+	number of relocs before attempting to dump them.
+
+Upstream-Status: Backport
+CVE: CVE-2017-8421
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog | 6 ++++++
+ binutils/objdump.c | 8 ++++++++
+ 2 files changed, 14 insertions(+)
+
+Index: git/binutils/objdump.c
+===================================================================
+--- git.orig/binutils/objdump.c
+++ git/binutils/objdump.c
+@@ -3311,6 +3311,14 @@ dump_relocs_in_section (bfd *abfd,
+       return;
+     }
+ 
+  if ((bfd_get_file_flags (abfd) & (BFD_IN_MEMORY | BFD_LINKER_CREATED)) == 0
+      && relsize > get_file_size (bfd_get_filename (abfd)))
+    {
+      printf (" (too many: 0x%x)\n", section->reloc_count);
+      bfd_set_error (bfd_error_file_truncated);
+      bfd_fatal (bfd_get_filename (abfd));
+    }
+
+   relpp = (arelent **) xmalloc (relsize);
+   relcount = bfd_canonicalize_reloc (abfd, section, relpp, syms);
+ 
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog
+++ git/binutils/ChangeLog
+@@ -1,3 +1,9 @@
+2017-05-02  Nick Clifton  <nickc@redhat.com>
+
+       PR 21440
+       * objdump.c (dump_relocs_in_section): Check for an excessive
+       number of relocs before attempting to dump them.
+
+ 2017-04-28  Nick Clifton  <nickc@redhat.com>
+ 
+        PR binutils/21438