Message ID | 03e6ea59d82e613ba3b5d388fa87317cef982f2b.1700620126.git.steve@sakoman.com |
---|---|
State | New, archived |
Delegated to: | Steve Sakoman |
Headers | show |
Series | [kirkstone,01/16] tiff: Backport fix for CVE-2023-41175 | expand |
On Tue, 2023-11-21 at 16:31 -1000, Steve Sakoman wrote: > From: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> > > Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> > Signed-off-by: Steve Sakoman <steve@sakoman.com> > --- > .../binutils/binutils-2.38.inc | 1 + > .../binutils/0033-CVE-2022-47007.patch | 34 +++++++++++++++++++ > 2 files changed, 35 insertions(+) > create mode 100644 meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch > > diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc > index 43cc97f1ef..dc29141812 100644 > --- a/meta/recipes-devtools/binutils/binutils-2.38.inc > +++ b/meta/recipes-devtools/binutils/binutils-2.38.inc > @@ -67,5 +67,6 @@ SRC_URI = "\ > file://0031-CVE-2022-47695.patch \ > file://CVE-2022-48063.patch \ > file://0032-CVE-2022-47010.patch \ > + file://0033-CVE-2022-47007.patch \ > " > S = "${WORKDIR}/git" > diff --git a/meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch b/meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch > new file mode 100644 > index 0000000000..cc6dfe684b > --- /dev/null > +++ b/meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch > @@ -0,0 +1,34 @@ > +From: Alan Modra <amodra@gmail.com> > +Date: Thu, 16 Jun 2022 23:30:41 +0000 (+0930) > +Subject: PR29254, memory leak in stab_demangle_v3_arg > +X-Git-Tag: binutils-2_39~237 > +X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0ebc886149c22aceaf8ed74267821a59ca9d03eb > + > +PR29254, memory leak in stab_demangle_v3_arg > + > + PR 29254 > + * stabs.c (stab_demangle_v3_arg): Free dt on failure path. > + > +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0ebc886149c22aceaf8ed74267821a59ca9d03eb] > + > +CVE: CVE-2022-47007 > + > +Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> > +--- > + This has not merged to master yet. It probably will but... Cheers, Richard
On Thu, Nov 23, 2023 at 2:41 AM Richard Purdie <richard.purdie@linuxfoundation.org> wrote: > > On Tue, 2023-11-21 at 16:31 -1000, Steve Sakoman wrote: > > From: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> > > > > Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> > > Signed-off-by: Steve Sakoman <steve@sakoman.com> > > --- > > .../binutils/binutils-2.38.inc | 1 + > > .../binutils/0033-CVE-2022-47007.patch | 34 +++++++++++++++++++ > > 2 files changed, 35 insertions(+) > > create mode 100644 meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch > > > > diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc > > index 43cc97f1ef..dc29141812 100644 > > --- a/meta/recipes-devtools/binutils/binutils-2.38.inc > > +++ b/meta/recipes-devtools/binutils/binutils-2.38.inc > > @@ -67,5 +67,6 @@ SRC_URI = "\ > > file://0031-CVE-2022-47695.patch \ > > file://CVE-2022-48063.patch \ > > file://0032-CVE-2022-47010.patch \ > > + file://0033-CVE-2022-47007.patch \ > > " > > S = "${WORKDIR}/git" > > diff --git a/meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch b/meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch > > new file mode 100644 > > index 0000000000..cc6dfe684b > > --- /dev/null > > +++ b/meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch > > @@ -0,0 +1,34 @@ > > +From: Alan Modra <amodra@gmail.com> > > +Date: Thu, 16 Jun 2022 23:30:41 +0000 (+0930) > > +Subject: PR29254, memory leak in stab_demangle_v3_arg > > +X-Git-Tag: binutils-2_39~237 > > +X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0ebc886149c22aceaf8ed74267821a59ca9d03eb > > + > > +PR29254, memory leak in stab_demangle_v3_arg > > + > > + PR 29254 > > + * stabs.c (stab_demangle_v3_arg): Free dt on failure path. > > + > > +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0ebc886149c22aceaf8ed74267821a59ca9d03eb] > > + > > +CVE: CVE-2022-47007 > > + > > +Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> > > +--- > > + > > This has not merged to master yet. It probably will but... This CVE shouldn't affect master, it is for binutils versions 2.34 thru 2.38, while master is 2.41 See: https://nvd.nist.gov/vuln/detail/CVE-2022-47007 Steve
On Thu, 2023-11-23 at 04:49 -1000, Steve Sakoman wrote: > On Thu, Nov 23, 2023 at 2:41 AM Richard Purdie > <richard.purdie@linuxfoundation.org> wrote: > > > > On Tue, 2023-11-21 at 16:31 -1000, Steve Sakoman wrote: > > > From: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> > > > > > > Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> > > > Signed-off-by: Steve Sakoman <steve@sakoman.com> > > > --- > > > .../binutils/binutils-2.38.inc | 1 + > > > .../binutils/0033-CVE-2022-47007.patch | 34 +++++++++++++++++++ > > > 2 files changed, 35 insertions(+) > > > create mode 100644 meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch > > > > > > diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc > > > index 43cc97f1ef..dc29141812 100644 > > > --- a/meta/recipes-devtools/binutils/binutils-2.38.inc > > > +++ b/meta/recipes-devtools/binutils/binutils-2.38.inc > > > @@ -67,5 +67,6 @@ SRC_URI = "\ > > > file://0031-CVE-2022-47695.patch \ > > > file://CVE-2022-48063.patch \ > > > file://0032-CVE-2022-47010.patch \ > > > + file://0033-CVE-2022-47007.patch \ > > > " > > > S = "${WORKDIR}/git" > > > diff --git a/meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch b/meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch > > > new file mode 100644 > > > index 0000000000..cc6dfe684b > > > --- /dev/null > > > +++ b/meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch > > > @@ -0,0 +1,34 @@ > > > +From: Alan Modra <amodra@gmail.com> > > > +Date: Thu, 16 Jun 2022 23:30:41 +0000 (+0930) > > > +Subject: PR29254, memory leak in stab_demangle_v3_arg > > > +X-Git-Tag: binutils-2_39~237 > > > +X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0ebc886149c22aceaf8ed74267821a59ca9d03eb > > > + > > > +PR29254, memory leak in stab_demangle_v3_arg > > > + > > > + PR 29254 > > > + * stabs.c (stab_demangle_v3_arg): Free dt on failure path. > > > + > > > +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0ebc886149c22aceaf8ed74267821a59ca9d03eb] > > > + > > > +CVE: CVE-2022-47007 > > > + > > > +Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> > > > +--- > > > + > > > > This has not merged to master yet. It probably will but... > > This CVE shouldn't affect master, it is for binutils versions 2.34 > thru 2.38, while master is 2.41 > > See: https://nvd.nist.gov/vuln/detail/CVE-2022-47007 This was merged to master but clearly shouldn't be as it was reverted upstream as part of: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=19cacf672930cee20feaf1f3468e3d5ac3099ffd Cheers, Richard
diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc index 43cc97f1ef..dc29141812 100644 --- a/meta/recipes-devtools/binutils/binutils-2.38.inc +++ b/meta/recipes-devtools/binutils/binutils-2.38.inc @@ -67,5 +67,6 @@ SRC_URI = "\ file://0031-CVE-2022-47695.patch \ file://CVE-2022-48063.patch \ file://0032-CVE-2022-47010.patch \ + file://0033-CVE-2022-47007.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch b/meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch new file mode 100644 index 0000000000..cc6dfe684b --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch @@ -0,0 +1,34 @@ +From: Alan Modra <amodra@gmail.com> +Date: Thu, 16 Jun 2022 23:30:41 +0000 (+0930) +Subject: PR29254, memory leak in stab_demangle_v3_arg +X-Git-Tag: binutils-2_39~237 +X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0ebc886149c22aceaf8ed74267821a59ca9d03eb + +PR29254, memory leak in stab_demangle_v3_arg + + PR 29254 + * stabs.c (stab_demangle_v3_arg): Free dt on failure path. + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0ebc886149c22aceaf8ed74267821a59ca9d03eb] + +CVE: CVE-2022-47007 + +Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> +--- + +diff --git a/binutils/stabs.c b/binutils/stabs.c +index 2b5241637c1..796ff85b86a 100644 +--- a/binutils/stabs.c ++++ b/binutils/stabs.c +@@ -5467,7 +5467,10 @@ stab_demangle_v3_arg (void *dhandle, struct stab_handle *info, + dc->u.s_binary.right, + &varargs); + if (pargs == NULL) +- return NULL; ++ { ++ free (dt); ++ return NULL; ++ } + + return debug_make_function_type (dhandle, dt, pargs, varargs); + }