Message ID | 20221221181121.255767-1-yashinde145@gmail.com |
---|---|
State | Accepted, archived |
Commit | 1f269e532a8fd463de2869be2768feb79ad36bd7 |
Headers | show |
Series | [kirkstone] binutils : Fix CVE-2022-4285 | expand |
On Wed, Dec 21, 2022 at 8:11 AM Yash Shinde <yashinde145@gmail.com> wrote: > > From: Yash Shinde <Yash.Shinde@windriver.com> > > Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70] > > Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com> > --- > .../binutils/binutils-2.38.inc | 1 + > .../binutils/0019-CVE-2022-4285.patch | 37 +++++++++++++++++++ > 2 files changed, 38 insertions(+) > create mode 100644 meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch > > diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc > index c1904768dc..0a4a0d7bc1 100644 > --- a/meta/recipes-devtools/binutils/binutils-2.38.inc > +++ b/meta/recipes-devtools/binutils/binutils-2.38.inc > @@ -42,5 +42,6 @@ SRC_URI = "\ > file://0018-CVE-2022-38128-1.patch \ > file://0018-CVE-2022-38128-2.patch \ > file://0018-CVE-2022-38128-3.patch \ > + file://0019-CVE-2022-4285.patch \ > " > S = "${WORKDIR}/git" > diff --git a/meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch b/meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch > new file mode 100644 > index 0000000000..e29bdaca00 > --- /dev/null > +++ b/meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch > @@ -0,0 +1,37 @@ > +From 5c831a3c7f3ca98d6aba1200353311e1a1f84c70 Mon Sep 17 00:00:00 2001 > +From: Nick Clifton <nickc@redhat.com> > +Date: Wed, 19 Oct 2022 15:09:12 +0100 > +Subject: [PATCH] Fix an illegal memory access when parsing an ELF file > + containing corrupt symbol version information. > + > + PR 29699 > + * elf.c (_bfd_elf_slurp_version_tables): Fail if the sh_info field > + of the section header is zero. > + > +Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70] > +CVE: CVE-2022-4285 Missing Signed-off-by: Please submit a V3 for kirkstone. Thanks! Steve > + > +--- > + bfd/ChangeLog | 6 ++++++ > + bfd/elf.c | 4 +++- > + 2 files changed, 9 insertions(+), 1 deletion(-) > + > +diff --git a/bfd/elf.c b/bfd/elf.c > +index fe00e0f9189..7cd7febcf95 100644 > +--- a/bfd/elf.c > ++++ b/bfd/elf.c > +@@ -8918,7 +8918,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver) > + bfd_set_error (bfd_error_file_too_big); > + goto error_return_verref; > + } > +- elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_alloc (abfd, amt); > ++ if (amt == 0) > ++ goto error_return_verref; > ++ elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_zalloc (abfd, amt); > + if (elf_tdata (abfd)->verref == NULL) > + goto error_return_verref; > + > +-- > +2.31.1 > + > + > -- > 2.25.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#174936): https://lists.openembedded.org/g/openembedded-core/message/174936 > Mute This Topic: https://lists.openembedded.org/mt/95785266/3620601 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com] > -=-=-=-=-=-=-=-=-=-=-=- >
Posted v3 - https://lists.openembedded.org/g/openembedded-core/message/175030
diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc index c1904768dc..0a4a0d7bc1 100644 --- a/meta/recipes-devtools/binutils/binutils-2.38.inc +++ b/meta/recipes-devtools/binutils/binutils-2.38.inc @@ -42,5 +42,6 @@ SRC_URI = "\ file://0018-CVE-2022-38128-1.patch \ file://0018-CVE-2022-38128-2.patch \ file://0018-CVE-2022-38128-3.patch \ + file://0019-CVE-2022-4285.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch b/meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch new file mode 100644 index 0000000000..e29bdaca00 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch @@ -0,0 +1,37 @@ +From 5c831a3c7f3ca98d6aba1200353311e1a1f84c70 Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Wed, 19 Oct 2022 15:09:12 +0100 +Subject: [PATCH] Fix an illegal memory access when parsing an ELF file + containing corrupt symbol version information. + + PR 29699 + * elf.c (_bfd_elf_slurp_version_tables): Fail if the sh_info field + of the section header is zero. + +Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70] +CVE: CVE-2022-4285 + +--- + bfd/ChangeLog | 6 ++++++ + bfd/elf.c | 4 +++- + 2 files changed, 9 insertions(+), 1 deletion(-) + +diff --git a/bfd/elf.c b/bfd/elf.c +index fe00e0f9189..7cd7febcf95 100644 +--- a/bfd/elf.c ++++ b/bfd/elf.c +@@ -8918,7 +8918,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver) + bfd_set_error (bfd_error_file_too_big); + goto error_return_verref; + } +- elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_alloc (abfd, amt); ++ if (amt == 0) ++ goto error_return_verref; ++ elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_zalloc (abfd, amt); + if (elf_tdata (abfd)->verref == NULL) + goto error_return_verref; + +-- +2.31.1 + +