| Brad Bishop | 1a4b7ee | 2018-12-16 17:11:34 -0800 | [diff] [blame^] | 1 | From 440d34d0ee37964453245895d38d7fc31bcf3d7d Mon Sep 17 00:00:00 2001 |
| 2 | From: Mark Wielaard <mark@klomp.org> |
| 3 | Date: Thu, 18 Oct 2018 23:15:48 +0200 |
| 4 | Subject: [PATCH] size: Handle recursive ELF ar files. |
| 5 | |
| 6 | eu-size didn't handle an ELF ar file that contained an ar file itself |
| 7 | correctly. handle_ar would recursively call itself but close the ELF |
| 8 | file before returning. Only close the ELF file at the top-level. |
| 9 | |
| 10 | https://sourceware.org/bugzilla/show_bug.cgi?id=23787 |
| 11 | |
| 12 | Signed-off-by: Mark Wielaard <mark@klomp.org> |
| 13 | |
| 14 | CVE: CVE-2018-18520 |
| 15 | Upstream-Status: Backport [http://sourceware.org/git/elfutils.git] |
| 16 | Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> |
| 17 | --- |
| 18 | src/size.c | 6 ++++-- |
| 19 | 1 file changed, 4 insertions(+), 2 deletions(-) |
| 20 | |
| 21 | diff --git a/src/size.c b/src/size.c |
| 22 | index 5ff3f2a..f01fd88 100644 |
| 23 | --- a/src/size.c |
| 24 | +++ b/src/size.c |
| 25 | @@ -374,8 +374,10 @@ handle_ar (int fd, Elf *elf, const char *prefix, const char *fname) |
| 26 | INTERNAL_ERROR (fname); |
| 27 | } |
| 28 | |
| 29 | - if (unlikely (elf_end (elf) != 0)) |
| 30 | - INTERNAL_ERROR (fname); |
| 31 | + /* Only close ELF handle if this was a "top level" ar file. */ |
| 32 | + if (prefix == NULL) |
| 33 | + if (unlikely (elf_end (elf) != 0)) |
| 34 | + INTERNAL_ERROR (fname); |
| 35 | |
| 36 | return result; |
| 37 | } |
| 38 | -- |
| 39 | 2.7.4 |
| 40 | |