rpms / binutils

Clone
Source Code
GIT

Blame SOURCES/binutils-CVE-2018-8945.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8-sig-altarch-armhfp c8s c9 c9-beta
  1.   b2bdc113d8d42e9d69ec2af6bc0360508a109a39
  2.   SOURCES
  3.   binutils-CVE-2018-8945.patch
Blob History Raw
6cffa7 
diff -rup binutils.orig/bfd/elf-attrs.c binutils-2.27/bfd/elf-attrs.c
6cffa7 
--- binutils.orig/bfd/elf-attrs.c	2018-05-30 09:57:23.385080577 +0100
6cffa7 
+++ binutils-2.27/bfd/elf-attrs.c	2018-05-30 10:01:03.528712202 +0100
6cffa7 
@@ -438,6 +438,15 @@ _bfd_elf_parse_attributes (bfd *abfd, El
6cffa7 
   /* PR 17512: file: 2844a11d.  */
6cffa7 
   if (hdr->sh_size == 0)
6cffa7 
     return;
6cffa7 
+  if (hdr->sh_size > bfd_get_size (abfd))
6cffa7 
+    {
6cffa7 
+      /* xgettext:c-format */
6cffa7 
+      _bfd_error_handler (_("%B: error: attribute section '%A' too big: %#llx"),
6cffa7 
+                         abfd, hdr->bfd_section, (long long) hdr->sh_size);
6cffa7 
+      bfd_set_error (bfd_error_invalid_operation);
6cffa7 
+      return;
6cffa7 
+    }
6cffa7 
+
6cffa7 
   contents = (bfd_byte *) bfd_malloc (hdr->sh_size);
6cffa7 
   if (!contents)
6cffa7 
     return;
6cffa7 
diff -rup binutils.orig/bfd/elf.c binutils-2.27/bfd/elf.c
6cffa7 
--- binutils.orig/bfd/elf.c	2018-05-30 09:57:23.382080610 +0100
6cffa7 
+++ binutils-2.27/bfd/elf.c	2018-05-30 10:01:52.766182199 +0100
6cffa7 
@@ -297,6 +297,7 @@ bfd_elf_get_str_section (bfd *abfd, unsi
6cffa7 
       /* Allocate and clear an extra byte at the end, to prevent crashes
6cffa7 
 	 in case the string table is not terminated.  */
6cffa7 
       if (shstrtabsize + 1 <= 1
6cffa7 
+	  || shstrtabsize > bfd_get_size (abfd)
6cffa7 
 	  || bfd_seek (abfd, offset, SEEK_SET) != 0
6cffa7 
 	  || (shstrtab = (bfd_byte *) bfd_alloc (abfd, shstrtabsize + 1)) == NULL)
6cffa7 
 	shstrtab = NULL;

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation