[kirkstone] binutils : Fix CVE-2022-4285

Message ID	20221221181121.255767-1-yashinde145@gmail.com
State	Accepted, archived
Commit	1f269e532a8fd463de2869be2768feb79ad36bd7
Headers	show Return-Path: <yashinde145@gmail.com> ip: 209.85.216.42, mailfrom: yashinde145@gmail.com) From: Yash Shinde <yashinde145@gmail.com> To: openembedded-core@lists.openembedded.org Cc: Randy.MacLeod@windriver.com, Umesh.Kallapa@windriver.com, Naveen.Gowda@windriver.com, Sundeep.Kokkonda@windriver.com, Shivaprasad.Moodalappa@windriver.com, Yash.Shinde@windriver.com Subject: [kirkstone] [PATCH] binutils : Fix CVE-2022-4285 Date: Wed, 21 Dec 2022 23:41:21 +0530 Message-Id: <20221221181121.255767-1-yashinde145@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[kirkstone] binutils : Fix CVE-2022-4285 \| expand [kirkstone] binutils : Fix CVE-2022-4285

Message ID

20221221181121.255767-1-yashinde145@gmail.com

State

Accepted, archived

Commit

1f269e532a8fd463de2869be2768feb79ad36bd7

Headers

From: Yash Shinde <yashinde145@gmail.com>
To: openembedded-core@lists.openembedded.org
Cc: Randy.MacLeod@windriver.com,
	Umesh.Kallapa@windriver.com,
	Naveen.Gowda@windriver.com,
	Sundeep.Kokkonda@windriver.com,
	Shivaprasad.Moodalappa@windriver.com,
	Yash.Shinde@windriver.com
Subject: [kirkstone] [PATCH] binutils : Fix CVE-2022-4285
Date: Wed, 21 Dec 2022 23:41:21 +0530
Message-Id: <20221221181121.255767-1-yashinde145@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[kirkstone] binutils : Fix CVE-2022-4285 | expand

Commit Message

Yash Shinde Dec. 21, 2022, 6:11 p.m. UTC

From: Yash Shinde <Yash.Shinde@windriver.com>

Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70]

Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
---
 .../binutils/binutils-2.38.inc                |  1 +
 .../binutils/0019-CVE-2022-4285.patch         | 37 +++++++++++++++++++
 2 files changed, 38 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch

Comments

Steve Sakoman Dec. 22, 2022, 2:36 p.m. UTC | #1

On Wed, Dec 21, 2022 at 8:11 AM Yash Shinde <yashinde145@gmail.com> wrote:
>
> From: Yash Shinde <Yash.Shinde@windriver.com>
>
> Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70]
>
> Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
> ---
>  .../binutils/binutils-2.38.inc                |  1 +
>  .../binutils/0019-CVE-2022-4285.patch         | 37 +++++++++++++++++++
>  2 files changed, 38 insertions(+)
>  create mode 100644 meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch
>
> diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc
> index c1904768dc..0a4a0d7bc1 100644
> --- a/meta/recipes-devtools/binutils/binutils-2.38.inc
> +++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
> @@ -42,5 +42,6 @@ SRC_URI = "\
>       file://0018-CVE-2022-38128-1.patch \
>       file://0018-CVE-2022-38128-2.patch \
>       file://0018-CVE-2022-38128-3.patch \
> +     file://0019-CVE-2022-4285.patch \
>  "
>  S  = "${WORKDIR}/git"
> diff --git a/meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch b/meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch
> new file mode 100644
> index 0000000000..e29bdaca00
> --- /dev/null
> +++ b/meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch
> @@ -0,0 +1,37 @@
> +From 5c831a3c7f3ca98d6aba1200353311e1a1f84c70 Mon Sep 17 00:00:00 2001
> +From: Nick Clifton <nickc@redhat.com>
> +Date: Wed, 19 Oct 2022 15:09:12 +0100
> +Subject: [PATCH] Fix an illegal memory access when parsing an ELF file
> + containing corrupt symbol version information.
> +
> +       PR 29699
> +       * elf.c (_bfd_elf_slurp_version_tables): Fail if the sh_info field
> +       of the section header is zero.
> +
> +Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70]
> +CVE: CVE-2022-4285

Missing Signed-off-by:

Please submit a V3 for kirkstone.

Thanks!

Steve

> +
> +---
> + bfd/ChangeLog | 6 ++++++
> + bfd/elf.c     | 4 +++-
> + 2 files changed, 9 insertions(+), 1 deletion(-)
> +
> +diff --git a/bfd/elf.c b/bfd/elf.c
> +index fe00e0f9189..7cd7febcf95 100644
> +--- a/bfd/elf.c
> ++++ b/bfd/elf.c
> +@@ -8918,7 +8918,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver)
> +         bfd_set_error (bfd_error_file_too_big);
> +         goto error_return_verref;
> +       }
> +-      elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_alloc (abfd, amt);
> ++      if (amt == 0)
> ++      goto error_return_verref;
> ++      elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_zalloc (abfd, amt);
> +       if (elf_tdata (abfd)->verref == NULL)
> +       goto error_return_verref;
> +
> +--
> +2.31.1
> +
> +
> --
> 2.25.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#174936): https://lists.openembedded.org/g/openembedded-core/message/174936
> Mute This Topic: https://lists.openembedded.org/mt/95785266/3620601
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>

Yash Shinde Dec. 27, 2022, 4:54 p.m. UTC | #2

Posted v3 - https://lists.openembedded.org/g/openembedded-core/message/175030

diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc
index c1904768dc..0a4a0d7bc1 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -42,5 +42,6 @@  SRC_URI = "\
      file://0018-CVE-2022-38128-1.patch \
      file://0018-CVE-2022-38128-2.patch \
      file://0018-CVE-2022-38128-3.patch \
+     file://0019-CVE-2022-4285.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch b/meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch
new file mode 100644
index 0000000000..e29bdaca00
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch
@@ -0,0 +1,37 @@ 
+From 5c831a3c7f3ca98d6aba1200353311e1a1f84c70 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 19 Oct 2022 15:09:12 +0100
+Subject: [PATCH] Fix an illegal memory access when parsing an ELF file
+ containing corrupt symbol version information.
+
+	PR 29699
+	* elf.c (_bfd_elf_slurp_version_tables): Fail if the sh_info field
+	of the section header is zero.
+
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70]
+CVE: CVE-2022-4285
+
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/elf.c     | 4 +++-
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/elf.c b/bfd/elf.c
+index fe00e0f9189..7cd7febcf95 100644
+--- a/bfd/elf.c
++++ b/bfd/elf.c
+@@ -8918,7 +8918,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver)
+ 	  bfd_set_error (bfd_error_file_too_big);
+ 	  goto error_return_verref;
+ 	}
+-      elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_alloc (abfd, amt);
++      if (amt == 0)
++	goto error_return_verref;
++      elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_zalloc (abfd, amt);
+       if (elf_tdata (abfd)->verref == NULL)
+ 	goto error_return_verref;
+ 
+-- 
+2.31.1
+
+

[kirkstone] binutils : Fix CVE-2022-4285

Commit Message

Comments

Patch