poky/meta/recipes-devtools/binutils/binutils/CVE-2018-10372.patch - openbmc/openbmc - Gitiles

 From 6aea08d9f3e3d6475a65454da488a0c51f5dc97d Mon Sep 17 00:00:00 2001
 From: Nick Clifton <nickc@redhat.com>
 Date: Tue, 17 Apr 2018 12:35:55 +0100
 Subject: [PATCH] Fix illegal memory access when parsing corrupt DWARF
  information.

 	PR 23064
 	* dwarf.c (process_cu_tu_index): Test for a potential buffer
 	overrun before copying signature pointer.

 Upstream-Status: Backport
 Affects: Binutils <= 2.30
 CVE: CVE-2018-10372
 Signed-off-by: Armin Kuster <akuster@mvista.com>

 ---
  binutils/ChangeLog |  6 ++++++
  binutils/dwarf.c   | 13 ++++++++++++-
  2 files changed, 18 insertions(+), 1 deletion(-)

 Index: git/binutils/dwarf.c
 ===================================================================
 --- git.orig/binutils/dwarf.c
 +++ git/binutils/dwarf.c
 @@ -9252,7 +9252,18 @@ process_cu_tu_index (struct dwarf_sectio
  		}

  	      if (!do_display)
 -		memcpy (&this_set[row - 1].signature, ph, sizeof (uint64_t));
 +		{
 +		  size_t num_copy = sizeof (uint64_t);
 +
 +		  /* PR 23064: Beware of buffer overflow.  */
 +		  if (ph + num_copy < limit)
 +		    memcpy (&this_set[row - 1].signature, ph, num_copy);
 +		  else
 +		    {
 +		      warn (_("Signature (%p) extends beyond end of space in section\n"), ph);
 +		      return 0;
 +		    }
 +		}

  	      prow = poffsets + (row - 1) * ncols * 4;
  	      /* PR 17531: file: b8ce60a8.  */
 Index: git/binutils/ChangeLog
 ===================================================================
 --- git.orig/binutils/ChangeLog
 +++ git/binutils/ChangeLog
 @@ -1,3 +1,9 @@
 +2018-04-17  Nick Clifton  <nickc@redhat.com>
 +
 +       PR 23064
 +       * dwarf.c (process_cu_tu_index): Test for a potential buffer
 +       overrun before copying signature pointer.
 +
  2018-01-27  Nick Clifton  <nickc@redhat.com>

  	Back to development.
	From 6aea08d9f3e3d6475a65454da488a0c51f5dc97d Mon Sep 17 00:00:00 2001
	From: Nick Clifton <nickc@redhat.com>
	Date: Tue, 17 Apr 2018 12:35:55 +0100
	Subject: [PATCH] Fix illegal memory access when parsing corrupt DWARF
	information.

	PR 23064
	* dwarf.c (process_cu_tu_index): Test for a potential buffer
	overrun before copying signature pointer.

	Upstream-Status: Backport
	Affects: Binutils <= 2.30
	CVE: CVE-2018-10372
	Signed-off-by: Armin Kuster <akuster@mvista.com>

	---
	binutils/ChangeLog \| 6 ++++++
	binutils/dwarf.c \| 13 ++++++++++++-
	2 files changed, 18 insertions(+), 1 deletion(-)

	Index: git/binutils/dwarf.c
	===================================================================
	--- git.orig/binutils/dwarf.c
	+++ git/binutils/dwarf.c
	@@ -9252,7 +9252,18 @@ process_cu_tu_index (struct dwarf_sectio
	}

	if (!do_display)
	- memcpy (&this_set[row - 1].signature, ph, sizeof (uint64_t));
	+ {
	+ size_t num_copy = sizeof (uint64_t);
	+
	+ /* PR 23064: Beware of buffer overflow. */
	+ if (ph + num_copy < limit)
	+ memcpy (&this_set[row - 1].signature, ph, num_copy);
	+ else
	+ {
	+ warn (_("Signature (%p) extends beyond end of space in section\n"), ph);
	+ return 0;
	+ }
	+ }

	prow = poffsets + (row - 1) * ncols * 4;
	/* PR 17531: file: b8ce60a8. */
	Index: git/binutils/ChangeLog
	===================================================================
	--- git.orig/binutils/ChangeLog
	+++ git/binutils/ChangeLog
	@@ -1,3 +1,9 @@
	+2018-04-17 Nick Clifton <nickc@redhat.com>
	+
	+ PR 23064
	+ * dwarf.c (process_cu_tu_index): Test for a potential buffer
	+ overrun before copying signature pointer.
	+
	2018-01-27 Nick Clifton <nickc@redhat.com>

	Back to development.