| From 7eacd66b086cabb1daab20890d5481894d4f56b2 Mon Sep 17 00:00:00 2001 |
| From: Alan Modra <amodra@gmail.com> |
| Date: Sun, 23 Apr 2017 15:21:11 +0930 |
| Subject: [PATCH] PR 21414, null pointer deref of _bfd_elf_large_com_section |
| sym |
| |
| PR 21414 |
| * section.c (GLOBAL_SYM_INIT): Make available in bfd.h. |
| * elf.c (lcomm_sym): New. |
| (_bfd_elf_large_com_section): Use lcomm_sym section symbol. |
| * bfd-in2.h: Regenerate. |
| |
| Upstream-Status: Backport |
| CVE: CVE-2017-8394 |
| Signed-off-by: Armin Kuster <akuster@mvista.com> |
| |
| --- |
| bfd/ChangeLog | 8 ++++++++ |
| bfd/bfd-in2.h | 12 ++++++++++++ |
| bfd/elf.c | 6 ++++-- |
| bfd/section.c | 24 ++++++++++++------------ |
| 4 files changed, 36 insertions(+), 14 deletions(-) |
| |
| Index: git/bfd/bfd-in2.h |
| =================================================================== |
| --- git.orig/bfd/bfd-in2.h |
| +++ git/bfd/bfd-in2.h |
| @@ -1838,6 +1838,18 @@ extern asection _bfd_std_section[4]; |
| { NULL }, { NULL } \ |
| } |
| |
| +/* We use a macro to initialize the static asymbol structures because |
| + traditional C does not permit us to initialize a union member while |
| + gcc warns if we don't initialize it. |
| + the_bfd, name, value, attr, section [, udata] */ |
| +#ifdef __STDC__ |
| +#define GLOBAL_SYM_INIT(NAME, SECTION) \ |
| + { 0, NAME, 0, BSF_SECTION_SYM, SECTION, { 0 }} |
| +#else |
| +#define GLOBAL_SYM_INIT(NAME, SECTION) \ |
| + { 0, NAME, 0, BSF_SECTION_SYM, SECTION } |
| +#endif |
| + |
| void bfd_section_list_clear (bfd *); |
| |
| asection *bfd_get_section_by_name (bfd *abfd, const char *name); |
| Index: git/bfd/elf.c |
| =================================================================== |
| --- git.orig/bfd/elf.c |
| +++ git/bfd/elf.c |
| @@ -11164,9 +11164,11 @@ _bfd_elf_get_synthetic_symtab (bfd *abfd |
| |
| /* It is only used by x86-64 so far. |
| ??? This repeats *COM* id of zero. sec->id is supposed to be unique, |
| - but current usage would allow all of _bfd_std_section to be zero. t*/ |
| + but current usage would allow all of _bfd_std_section to be zero. */ |
| +static const asymbol lcomm_sym |
| + = GLOBAL_SYM_INIT ("LARGE_COMMON", &_bfd_elf_large_com_section); |
| asection _bfd_elf_large_com_section |
| - = BFD_FAKE_SECTION (_bfd_elf_large_com_section, NULL, |
| + = BFD_FAKE_SECTION (_bfd_elf_large_com_section, &lcomm_sym, |
| "LARGE_COMMON", 0, SEC_IS_COMMON); |
| |
| void |
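Review bot: `lcomm_sym` is built with `GLOBAL_SYM_INIT`, whose first field (`the_bfd`, per the macro's comment) is 0, so the section gains a non-null symbol that still has no owning bfd. Any consumer that follows the section symbol on to its bfd would presumably still need its own null check; the patch only removes the NULL at the section level. The existing "It is only used by x86-64 so far" comment now sits directly above `lcomm_sym` rather than the section it describes, so I would give the symbol its own comment, e.g. `/* Section symbol for _bfd_elf_large_com_section, so its symbol pointer is never NULL (PR 21414).  */`, and keep the old comment with the section definition. The diffstat lists four files and none is a testsuite file, so a regression input for PR 21414 is not part of this patch.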
| Index: git/bfd/section.c |
| =================================================================== |
| --- git.orig/bfd/section.c |
| +++ git/bfd/section.c |
| @@ -738,20 +738,20 @@ CODE_FRAGMENT |
| . { NULL }, { NULL } \ |
| . } |
| . |
| +.{* We use a macro to initialize the static asymbol structures because |
| +. traditional C does not permit us to initialize a union member while |
| +. gcc warns if we don't initialize it. |
| +. the_bfd, name, value, attr, section [, udata] *} |
| +.#ifdef __STDC__ |
| +.#define GLOBAL_SYM_INIT(NAME, SECTION) \ |
| +. { 0, NAME, 0, BSF_SECTION_SYM, SECTION, { 0 }} |
| +.#else |
| +.#define GLOBAL_SYM_INIT(NAME, SECTION) \ |
| +. { 0, NAME, 0, BSF_SECTION_SYM, SECTION } |
| +.#endif |
| +. |
| */ |
| |
| -/* We use a macro to initialize the static asymbol structures because |
| - traditional C does not permit us to initialize a union member while |
| - gcc warns if we don't initialize it. */ |
| - /* the_bfd, name, value, attr, section [, udata] */ |
| -#ifdef __STDC__ |
| -#define GLOBAL_SYM_INIT(NAME, SECTION) \ |
| - { 0, NAME, 0, BSF_SECTION_SYM, SECTION, { 0 }} |
| -#else |
| -#define GLOBAL_SYM_INIT(NAME, SECTION) \ |
| - { 0, NAME, 0, BSF_SECTION_SYM, SECTION } |
| -#endif |
| - |
| /* These symbols are global, not specific to any BFD. Therefore, anything |
| that tries to change them is broken, and should be repaired. */ |
| |
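Review bot: `GLOBAL_SYM_INIT` moves from a file-local definition into the CODE_FRAGMENT, which, going by the identical text in the bfd-in2.h hunk, makes it part of the generated public header, yet unlike `BFD_FAKE_SECTION` it has no `BFD_` prefix. An unprefixed macro in an installed header can collide with names in programs that include bfd.h. If the name has to stay for compatibility with the existing uses in section.c, a line in the exported comment such as `Internal to BFD; not for use by applications.` would at least document the intent.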
| Index: git/bfd/ChangeLog |
| =================================================================== |
| --- git.orig/bfd/ChangeLog |
| +++ git/bfd/ChangeLog |
| @@ -1,4 +1,12 @@ |
| + |
| 2017-04-23 Alan Modra <amodra@gmail.com> |
| + PR 21414 |
| + * section.c (GLOBAL_SYM_INIT): Make available in bfd.h. |
| + * elf.c (lcomm_sym): New. |
| + (_bfd_elf_large_com_section): Use lcomm_sym section symbol. |
| + * bfd-in2.h: Regenerate. |
| + |
| ++2017-04-23 Alan Modra <amodra@gmail.com> |
| |
| PR 21412 |
| * elf-bfd.h (struct elf_backend_data <get_reloc_section>): Change |