| Message ID | 20221221180009.255511-1-yashinde145@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | [v2] binutils : Fix CVE-2022-4285 | expand |
This is already fixed upstream: https://git.openembedded.org/openembedded-core/commit/?id=b6b750f8e41a392ff92d9118ef7530ada20d06fe On 21/12/2022 23:30:09+0530, Yash Shinde wrote: > From: Yash Shinde <Yash.Shinde@windriver.com> > > Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70] > > Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com> > --- > .../binutils/binutils-2.39.inc | 1 + > .../binutils/0015-CVE-2022-4285.patch | 36 +++++++++++++++++++ > 2 files changed, 37 insertions(+) > create mode 100644 meta/recipes-devtools/binutils/binutils/0015-CVE-2022-4285.patch > > diff --git a/meta/recipes-devtools/binutils/binutils-2.39.inc b/meta/recipes-devtools/binutils/binutils-2.39.inc > index b040e57037..419571d56c 100644 > --- a/meta/recipes-devtools/binutils/binutils-2.39.inc > +++ b/meta/recipes-devtools/binutils/binutils-2.39.inc > @@ -35,6 +35,7 @@ SRC_URI = "\ > file://0014-CVE-2022-38128-1.patch \ > file://0014-CVE-2022-38128-2.patch \ > file://0014-CVE-2022-38128-3.patch \ > + file://0015-CVE-2022-4285.patch \ > " > S = "${WORKDIR}/git" > # Already in 2.39 branch > diff --git a/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-4285.patch b/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-4285.patch > new file mode 100644 > index 0000000000..5ff5290334 > --- /dev/null > +++ b/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-4285.patch > @@ -0,0 +1,36 @@ > +From 5c831a3c7f3ca98d6aba1200353311e1a1f84c70 Mon Sep 17 00:00:00 2001 > +From: Nick Clifton <nickc@redhat.com> > +Date: Wed, 19 Oct 2022 15:09:12 +0100 > +Subject: [PATCH] Fix an illegal memory access when parsing an ELF file > + containing corrupt symbol version information. > + > + PR 29699 > + * elf.c (_bfd_elf_slurp_version_tables): Fail if the sh_info field > + of the section header is zero. > + > +Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70] > +CVE: CVE-2022-4285 > + > +--- > + bfd/ChangeLog | 6 ++++++ > + bfd/elf.c | 4 +++- > + 2 files changed, 9 insertions(+), 1 deletion(-) > + > +diff --git a/bfd/elf.c b/bfd/elf.c > +index fe00e0f9189..7cd7febcf95 100644 > +--- a/bfd/elf.c > ++++ b/bfd/elf.c > +@@ -8918,7 +8918,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver) > + bfd_set_error (bfd_error_file_too_big); > + goto error_return_verref; > + } > +- elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_alloc (abfd, amt); > ++ if (amt == 0) > ++ goto error_return_verref; > ++ elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_zalloc (abfd, amt); > + if (elf_tdata (abfd)->verref == NULL) > + goto error_return_verref; > + > +-- > +2.31.1 > + > -- > 2.25.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#174935): https://lists.openembedded.org/g/openembedded-core/message/174935 > Mute This Topic: https://lists.openembedded.org/mt/95811724/3617179 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alexandre.belloni@bootlin.com] > -=-=-=-=-=-=-=-=-=-=-=- >
Some updates were needed in the patch. So, posted a version 2 of it. Regards, Yash
On 21/12/2022 21:06:11-0800, Yash Shinde wrote: > Some updates were needed in the patch. So, posted a version 2 of it. > I understand that but in the meantime, your colleague submitted a proper patch and it has already been applied on master. > Regards, > > Yash > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#174954): https://lists.openembedded.org/g/openembedded-core/message/174954 > Mute This Topic: https://lists.openembedded.org/mt/95811724/3617179 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alexandre.belloni@bootlin.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta/recipes-devtools/binutils/binutils-2.39.inc b/meta/recipes-devtools/binutils/binutils-2.39.inc index b040e57037..419571d56c 100644 --- a/meta/recipes-devtools/binutils/binutils-2.39.inc +++ b/meta/recipes-devtools/binutils/binutils-2.39.inc @@ -35,6 +35,7 @@ SRC_URI = "\ file://0014-CVE-2022-38128-1.patch \ file://0014-CVE-2022-38128-2.patch \ file://0014-CVE-2022-38128-3.patch \ + file://0015-CVE-2022-4285.patch \ " S = "${WORKDIR}/git" # Already in 2.39 branch diff --git a/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-4285.patch b/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-4285.patch new file mode 100644 index 0000000000..5ff5290334 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-4285.patch @@ -0,0 +1,36 @@ +From 5c831a3c7f3ca98d6aba1200353311e1a1f84c70 Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Wed, 19 Oct 2022 15:09:12 +0100 +Subject: [PATCH] Fix an illegal memory access when parsing an ELF file + containing corrupt symbol version information. + + PR 29699 + * elf.c (_bfd_elf_slurp_version_tables): Fail if the sh_info field + of the section header is zero. + +Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70] +CVE: CVE-2022-4285 + +--- + bfd/ChangeLog | 6 ++++++ + bfd/elf.c | 4 +++- + 2 files changed, 9 insertions(+), 1 deletion(-) + +diff --git a/bfd/elf.c b/bfd/elf.c +index fe00e0f9189..7cd7febcf95 100644 +--- a/bfd/elf.c ++++ b/bfd/elf.c +@@ -8918,7 +8918,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver) + bfd_set_error (bfd_error_file_too_big); + goto error_return_verref; + } +- elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_alloc (abfd, amt); ++ if (amt == 0) ++ goto error_return_verref; ++ elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_zalloc (abfd, amt); + if (elf_tdata (abfd)->verref == NULL) + goto error_return_verref; + +-- +2.31.1 +