| From db0c309f4011ca94a4abc8458e27f3734dab92ac Mon Sep 17 00:00:00 2001 |
| From: Nick Clifton <nickc@redhat.com> |
| Date: Tue, 24 Apr 2018 16:57:04 +0100 |
| Subject: [PATCH] Fix an illegal memory access when trying to copy an ELF |
| binary with corrupt section symbols. |
| |
| PR 23113 |
| * elf.c (ignore_section_sym): Check for the output_section pointer |
| being NULL before dereferencing it. |
| |
| Upstream-Status: Backport |
| CVE: CVE-2018-10535 |
| Signed-off-by: Armin Kuster <akuster@mvista.com> |
| |
| --- |
| bfd/ChangeLog | 4 ++++ |
| bfd/elf.c | 9 ++++++++- |
| 2 files changed, 12 insertions(+), 1 deletion(-) |
| |
| Index: git/bfd/elf.c |
| =================================================================== |
| --- git.orig/bfd/elf.c |
| +++ git/bfd/elf.c |
| @@ -4021,15 +4021,22 @@ ignore_section_sym (bfd *abfd, asymbol * |
| { |
| elf_symbol_type *type_ptr; |
| |
| + if (sym == NULL) |
| + return FALSE; |
| + |
| if ((sym->flags & BSF_SECTION_SYM) == 0) |
| return FALSE; |
| |
| + if (sym->section == NULL) |
| + return TRUE; |
| + |
| type_ptr = elf_symbol_from (abfd, sym); |
| return ((type_ptr != NULL |
| && type_ptr->internal_elf_sym.st_shndx != 0 |
| && bfd_is_abs_section (sym->section)) |
| || !(sym->section->owner == abfd |
| - || (sym->section->output_section->owner == abfd |
| + || (sym->section->output_section != NULL |
| + && sym->section->output_section->owner == abfd |
| && sym->section->output_offset == 0) |
| || bfd_is_abs_section (sym->section))); |
| } |
| Index: git/bfd/ChangeLog |
| =================================================================== |
| --- git.orig/bfd/ChangeLog |
| +++ git/bfd/ChangeLog |
| @@ -1,3 +1,9 @@ |
| +2018-04-24 Nick Clifton <nickc@redhat.com> |
| + |
| + PR 23113 |
| + * elf.c (ignore_section_sym): Check for the output_section pointer |
| + being NULL before dereferencing it. |
| + |
| 2018-04-17 Nick Clifton <nickc@redhat.com> |
| |
| PR 23065 |