| From 6e5e9d96b5bd7dc3147db9917d6a7a20682915cc Mon Sep 17 00:00:00 2001 |
| From: Nick Clifton <nickc@redhat.com> |
| Date: Mon, 13 Feb 2017 15:04:37 +0000 |
| Subject: Fix invalid read of section contents whilst processing a corrupt |
| binary. |
| |
| PR binutils/21135 |
| * readelf.c (dump_section_as_bytes): Handle the case where |
| uncompress_section_contents returns false. |
| |
| CVE: CVE-2017-7209 |
| Upstream-Status: Backport[master] |
| |
| Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com> |
| --- |
| binutils/ChangeLog | 6 ++++++ |
| binutils/readelf.c | 16 ++++++++++++---- |
| 2 files changed, 18 insertions(+), 4 deletions(-) |
| |
| diff --git a/binutils/ChangeLog b/binutils/ChangeLog |
| index 55d2f8ba40..c4d8e60eca 100644 |
| --- a/binutils/ChangeLog |
| +++ b/binutils/ChangeLog |
| @@ -1,3 +1,9 @@ |
| +2017-02-13 Nick Clifton <nickc@redhat.com> |
| + |
| + PR binutils/21135 |
| + * readelf.c (dump_section_as_bytes): Handle the case where |
| + uncompress_section_contents returns false. |
| + |
| 2017-02-20 Nick Clifton <nickc@redhat.com> |
| |
| PR binutils/21156 |
| diff --git a/binutils/readelf.c b/binutils/readelf.c |
| index 7f7365dbc5..bc4e92fa81 100644 |
| --- a/binutils/readelf.c |
| +++ b/binutils/readelf.c |
| @@ -12473,10 +12473,18 @@ dump_section_as_bytes (Elf_Internal_Shdr * section, |
| new_size -= 12; |
| } |
| |
| - if (uncompressed_size |
| - && uncompress_section_contents (& start, uncompressed_size, |
| - & new_size)) |
| - section_size = new_size; |
| + if (uncompressed_size) |
| + { |
| + if (uncompress_section_contents (& start, uncompressed_size, |
| + & new_size)) |
| + section_size = new_size; |
| + else |
| + { |
| + error (_("Unable to decompress section %s\n"), |
| + printable_section_name (section)); |
| + return; |
| + } |
| + } |
| } |
| |
| if (relocate) |
| -- |
| 2.11.0 |
| |