Message ID | 20230906092532.675964-1-Deepthi.Hemraj@windriver.com |
---|---|
State | New, archived |
Series | [kirkstone,V2] binutils: Fix CVE-2022-47008 |
Hi Deepthi,

Could you please submit V3 as a patch series? No ordering works as is, the second patch in a series for the same recipe must take the first into account.

Steve

On Tue, Sep 5, 2023 at 11:25 PM Hemraj, Deepthi via lists.openembedded.org <Deepthi.Hemraj=windriver.com@lists.openembedded.org> wrote:
> > Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> > --- > .../binutils/binutils-2.38.inc | 1 + > .../binutils/0027-CVE-2022-47008.patch | 67 +++++++++++++++++++ > 2 files changed, 68 insertions(+) > create mode 100644 meta/recipes-devtools/binutils/binutils/0027-CVE-2022-47008.patch > > diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc > index 5c3ff3d93a..9bcf7ad4f5 100644 > --- a/meta/recipes-devtools/binutils/binutils-2.38.inc > +++ b/meta/recipes-devtools/binutils/binutils-2.38.inc > @@ -56,5 +56,6 @@ SRC_URI = "\ > file://0023-CVE-2023-25585.patch \ > file://0026-CVE-2023-1972.patch \ > file://0025-CVE-2023-25588.patch \ > + file://0027-CVE-2022-47008.patch \ > " > S = "${WORKDIR}/git" > diff --git a/meta/recipes-devtools/binutils/binutils/0027-CVE-2022-47008.patch b/meta/recipes-devtools/binutils/binutils/0027-CVE-2022-47008.patch > new file mode 100644 > index 0000000000..a3fff65409 > --- /dev/null > +++ b/meta/recipes-devtools/binutils/binutils/0027-CVE-2022-47008.patch 
> @@ -0,0 +1,67 @@ > +From: Alan Modra <amodra@gmail.com> > +Date: Thu, 16 Jun 2022 23:43:38 +0000 (+0930) > +Subject: PR29255, memory leak in make_tempdir > +X-Git-Tag: binutils-2_39~236 > +X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=d6e1d48c83b165c129cb0aa78905f7ca80a1f682 > + > +PR29255, memory leak in make_tempdir > + > + PR 29255 > + * bucomm.c (make_tempdir, make_tempname): Free template on all > + failure paths. > + > +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=d6e1d48c83b165c129cb0aa78905f7ca80a1f682] > + > +CVE: CVE-2022-47008 > + > +Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> > + > +--- > + > +diff --git a/binutils/bucomm.c b/binutils/bucomm.c > +index fdc2209df9c..4395cb9f7f5 100644 > +--- a/binutils/bucomm.c > ++++ b/binutils/bucomm.c > +@@ -537,8 +537,9 @@ make_tempname (const char *filename, int *ofd) > + #else > + tmpname = mktemp (tmpname); > + if (tmpname == NULL) > +- return NULL; > +- fd = open (tmpname, O_RDWR | O_CREAT | O_EXCL, 0600); > ++ fd = -1; > ++ else > ++ fd = open (tmpname, O_RDWR | O_CREAT | O_EXCL, 0600); > + #endif > + if (fd == -1) > + { > +@@ -556,22 +557,23 @@ char * > + make_tempdir (const char *filename) > + { > + char *tmpname = template_in_dir (filename); > ++ char *ret; > + > + #ifdef HAVE_MKDTEMP > +- return mkdtemp (tmpname); > ++ ret = mkdtemp (tmpname); > + #else > +- tmpname = mktemp (tmpname); > +- if (tmpname == NULL) > +- return NULL; > ++ ret = mktemp (tmpname); > + #if defined (_WIN32) && !defined (__CYGWIN32__) > + if (mkdir (tmpname) != 0) > +- return NULL; > ++ ret = NULL; > + #else > + if (mkdir (tmpname, 0700) != 0) > +- return NULL; > ++ ret = NULL; > + #endif > +- return tmpname; > + #endif > ++ if (ret == NULL) > ++ free (tmpname); > ++ return ret; > + } > + > + /* Parse a string into a VMA, with a fatal error if it can't be > -- > 2.39.0
Hi Steve, I have submitted V3 as a patch series for both CVE-2022-47008 and CVE-2022-47011. https://lists.openembedded.org/g/openembedded-core/topic/kirkstone_patch_v3_1_2/101993403?p=,,,20,0,0,0::recentpostdate/sticky,,,20,2,0,101993403,previd%3D1697455830547490847,nextid%3D1697438547278672189&previd=1697455830547490847&nextid=1697438547278672189
diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc index 5c3ff3d93a..9bcf7ad4f5 100644 --- a/meta/recipes-devtools/binutils/binutils-2.38.inc +++ b/meta/recipes-devtools/binutils/binutils-2.38.inc @@ -56,5 +56,6 @@ SRC_URI = "\ file://0023-CVE-2023-25585.patch \ file://0026-CVE-2023-1972.patch \ file://0025-CVE-2023-25588.patch \ + file://0027-CVE-2022-47008.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/0027-CVE-2022-47008.patch b/meta/recipes-devtools/binutils/binutils/0027-CVE-2022-47008.patch new file mode 100644 index 0000000000..a3fff65409 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0027-CVE-2022-47008.patch 
@@ -0,0 +1,67 @@ +From: Alan Modra <amodra@gmail.com> +Date: Thu, 16 Jun 2022 23:43:38 +0000 (+0930) +Subject: PR29255, memory leak in make_tempdir +X-Git-Tag: binutils-2_39~236 +X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=d6e1d48c83b165c129cb0aa78905f7ca80a1f682 + +PR29255, memory leak in make_tempdir + + PR 29255 + * bucomm.c (make_tempdir, make_tempname): Free template on all + failure paths. + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=d6e1d48c83b165c129cb0aa78905f7ca80a1f682] + +CVE: CVE-2022-47008 + +Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> + +--- + +diff --git a/binutils/bucomm.c b/binutils/bucomm.c +index fdc2209df9c..4395cb9f7f5 100644 +--- a/binutils/bucomm.c ++++ b/binutils/bucomm.c +@@ -537,8 +537,9 @@ make_tempname (const char *filename, int *ofd) + #else + tmpname = mktemp (tmpname); + if (tmpname == NULL) +- return NULL; +- fd = open (tmpname, O_RDWR | O_CREAT | O_EXCL, 0600); ++ fd = -1; ++ else ++ fd = open (tmpname, O_RDWR | O_CREAT | O_EXCL, 0600); + #endif + if (fd == -1) + { +@@ -556,22 +557,23 @@ char * + make_tempdir (const char *filename) + { + char *tmpname = template_in_dir (filename); ++ char *ret; + + #ifdef HAVE_MKDTEMP +- return mkdtemp (tmpname); ++ ret = mkdtemp (tmpname); + #else +- tmpname = mktemp (tmpname); +- if (tmpname == NULL) +- return NULL; ++ ret = mktemp (tmpname); + #if defined (_WIN32) && !defined (__CYGWIN32__) + if (mkdir (tmpname) != 0) +- return NULL; ++ ret = NULL; + #else + if (mkdir (tmpname, 0700) != 0) +- return NULL; ++ ret = NULL; + #endif +- return tmpname; + #endif ++ if (ret == NULL) ++ free (tmpname); ++ return ret; + } + + /* Parse a string into a VMA, with a fatal error if it can't be
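Review bot: In the `binutils-2.38.inc` hunk (`@@ -56,5 +56,6 @@`), the new `file://0027-CVE-2022-47008.patch \` entry is appended directly after `file://0025-CVE-2023-25588.patch \`, so any other pending fix that appends to the same `SRC_URI` tail will not apply unless it is generated on top of this one. Send the related binutils CVE fixes as one ordered series, each rebased on the previous patch, as requested in the reply above. The existing entries are already out of numeric order (0023, 0026, 0025), so confirm that 0027 applies cleanly after them in the listed sequence.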
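Review bot: In the `make_tempname` hunk (`@@ -537,8 +537,9 @@`), the `#else` branch still assigns the `mktemp` result back to the same variable (`tmpname = mktemp (tmpname);`), so when `mktemp` returns NULL the only pointer to the template buffer is gone before the shared `if (fd == -1)` path runs, and that path has nothing left to free. Keep the return value in a separate variable, as the `make_tempdir` hunk does with `ret`, so the failure path still holds the original allocation. Since the patch is tagged `Upstream-Status: Backport`, a change like that belongs upstream first rather than as a local divergence.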
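Review bot: In the `make_tempdir` hunk (`@@ -556,22 +557,23 @@`), the `#else` branch drops the early return on a NULL `mktemp` result, so `mkdir (tmpname, 0700)` (or `mkdir (tmpname)` on the `_WIN32` path) now runs even when `ret` is already NULL. If that `mkdir` succeeds, the function still frees `tmpname` and returns NULL, leaving behind a directory that no caller knows about or removes. Call `mkdir` only when `ret != NULL`, which keeps the single `free (tmpname)` exit this hunk introduces while restoring the old behaviour of not touching the filesystem after a failed `mktemp`.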
Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> --- .../binutils/binutils-2.38.inc | 1 + .../binutils/0027-CVE-2022-47008.patch | 67 +++++++++++++++++++ 2 files changed, 68 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/0027-CVE-2022-47008.patch