Blame - poky/meta/recipes-devtools/binutils/binutils/CVE-2018-18607.patch - openbmc/openbmc

blob: 902a90dbc39678688456c1339c82e8dabf0f2690 [file] [log] [blame]

Brad Bishop	1a4b7ee	2018-12-16 17:11:34 -0800	[diff] [blame]	1	From 102def4da826b3d9e169741421e5e67e8731909a Mon Sep 17 00:00:00 2001
				2	From: Alan Modra <amodra@gmail.com>
				3	Date: Tue, 23 Oct 2018 18:30:22 +1030
				4	Subject: [PATCH] PR23805, NULL pointer dereference in elf_link_input_bfd
				5
				6	PR 23805
				7	* elflink.c (elf_link_input_bfd): Don't segfault on finding
				8	STT_TLS symbols without any TLS sections. Instead, change the
				9	symbol type to STT_NOTYPE.
				10
				11	Upstream-Status: Backport
				12	CVE: CVE-2018-18606
				13	Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
				14	---
				15	bfd/ChangeLog \| 7 +++++++
				16	bfd/elflink.c \| 20 ++++++++++++++------
				17	2 files changed, 21 insertions(+), 6 deletions(-)
				18
Brad Bishop	1a4b7ee	2018-12-16 17:11:34 -0800	[diff] [blame]	19	--- a/bfd/elflink.c
				20	+++ b/bfd/elflink.c
Brad Bishop	977dc1a	2019-02-06 16:01:43 -0500	[diff] [blame]	21	@@ -10496,8 +10496,11 @@ elf_link_input_bfd (struct elf_final_lin
Brad Bishop	1a4b7ee	2018-12-16 17:11:34 -0800	[diff] [blame]	22	if (ELF_ST_TYPE (osym.st_info) == STT_TLS)
				23	{
				24	/* STT_TLS symbols are relative to PT_TLS segment base. */
				25	- BFD_ASSERT (elf_hash_table (flinfo->info)->tls_sec != NULL);
				26	- osym.st_value -= elf_hash_table (flinfo->info)->tls_sec->vma;
				27	+ if (elf_hash_table (flinfo->info)->tls_sec != NULL)
				28	+ osym.st_value -= elf_hash_table (flinfo->info)->tls_sec->vma;
				29	+ else
				30	+ osym.st_info = ELF_ST_INFO (ELF_ST_BIND (osym.st_info),
				31	+ STT_NOTYPE);
				32	}
				33	}
				34
Brad Bishop	977dc1a	2019-02-06 16:01:43 -0500	[diff] [blame]	35	@@ -11053,12 +11056,17 @@ elf_link_input_bfd (struct elf_final_lin
Brad Bishop	1a4b7ee	2018-12-16 17:11:34 -0800	[diff] [blame]	36	sym.st_value += osec->vma;
				37	if (ELF_ST_TYPE (sym.st_info) == STT_TLS)
				38	{
				39	+ struct elf_link_hash_table *htab
				40	+ = elf_hash_table (flinfo->info);
				41	+
				42	/* STT_TLS symbols are relative to PT_TLS
				43	segment base. */
				44	- BFD_ASSERT (elf_hash_table (flinfo->info)
				45	- ->tls_sec != NULL);
				46	- sym.st_value -= (elf_hash_table (flinfo->info)
				47	- ->tls_sec->vma);
				48	+ if (htab->tls_sec != NULL)
				49	+ sym.st_value -= htab->tls_sec->vma;
				50	+ else
				51	+ sym.st_info
				52	+ = ELF_ST_INFO (ELF_ST_BIND (sym.st_info),
				53	+ STT_NOTYPE);
				54	}
				55	}
				56