From 263729c7ef83d810b7990731fec4fd11920fe8af Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Thu, 3 Jan 2019 14:53:35 +0000 Subject: [PATCH] Fix a memory leak reading minisymbols. Resolves: #1661535 --- binutils-CVE-2018-20002.patch | 56 +++++++++++++++++++++++++++++++++++ binutils.spec | 10 ++++++- 2 files changed, 65 insertions(+), 1 deletion(-) create mode 100644 binutils-CVE-2018-20002.patch diff --git a/binutils-CVE-2018-20002.patch b/binutils-CVE-2018-20002.patch new file mode 100644 index 0000000..69057c7 --- /dev/null +++ b/binutils-CVE-2018-20002.patch @@ -0,0 +1,56 @@ +diff -rup binutils.ori/bfd/syms.c binutils-2.31.1/bfd/syms.c +--- binutils.ori/bfd/syms.c 2019-01-03 13:51:05.784005438 +0000 ++++ binutils-2.31.1/bfd/syms.c 2019-01-03 13:53:43.238815129 +0000 +@@ -822,10 +822,18 @@ _bfd_generic_read_minisymbols (bfd *abfd + if (symcount < 0) + goto error_return; + +- *minisymsp = syms; +- *sizep = sizeof (asymbol *); ++ if (symcount == 0) ++ /* We return 0 above when storage is 0. Exit in the same state ++ here, so as to not complicate callers with having to deal with ++ freeing memory for zero symcount. */ ++ free (syms); ++ else ++ { ++ *minisymsp = syms; ++ *sizep = sizeof (asymbol *); ++ } + +- return symcount; ++ return symcount; + + error_return: + bfd_set_error (bfd_error_no_symbols); +diff -rup binutils.ori/binutils/nm.c binutils-2.31.1/binutils/nm.c +--- binutils.ori/binutils/nm.c 2019-01-03 13:51:06.337001258 +0000 ++++ binutils-2.31.1/binutils/nm.c 2019-01-03 13:52:37.542311774 +0000 +@@ -1162,13 +1162,11 @@ display_rel_file (bfd *abfd, bfd *archiv + if (synth_count > 0) + { + asymbol **symp; +- void *new_mini; + long i; + +- new_mini = xmalloc ((symcount + synth_count + 1) * sizeof (*symp)); +- symp = (asymbol **) new_mini; +- memcpy (symp, minisyms, symcount * sizeof (*symp)); +- symp += symcount; ++ minisyms = xrealloc (minisyms, ++ (symcount + synth_count + 1) * sizeof (*symp)); ++ symp = (asymbol **) minisyms + symcount; + for (i = 0; i < synth_count; i++) + *symp++ = synthsyms + i; + *symp = 0; +diff -rup binutils.orig/binutils/nm.c binutils-2.31.1/binutils/nm.c +--- binutils.orig/binutils/nm.c 2019-01-03 14:18:21.086458519 +0000 ++++ binutils-2.31.1/binutils/nm.c 2019-01-03 14:18:23.642438853 +0000 +@@ -1170,7 +1170,6 @@ display_rel_file (bfd *abfd, bfd *archiv + for (i = 0; i < synth_count; i++) + *symp++ = synthsyms + i; + *symp = 0; +- minisyms = new_mini; + symcount += synth_count; + } + } diff --git a/binutils.spec b/binutils.spec index d746721..de90f7a 100644 --- a/binutils.spec +++ b/binutils.spec @@ -75,7 +75,7 @@ Summary: A GNU collection of binary utilities Name: %{?cross}binutils%{?_with_debug:-debug} Version: 2.31.1 -Release: 18%{?dist} +Release: 19%{?dist} License: GPLv3+ URL: https://sourceware.org/binutils @@ -218,6 +218,10 @@ Patch23: binutils-special-sections-in-groups.patch # Lifetime: Fixed in 2.32 Patch24: binutils-gold-discard-version-info.patch +# Purpose: Fix a memory leak reading minisymbols. +# Lifetime: Fixed in 2.32 +Patch25: binutils-CVE-2018-20002.patch + #---------------------------------------------------------------------------- Provides: bundled(libiberty) @@ -364,6 +368,7 @@ using libelf instead of BFD. %patch22 -p1 %patch23 -p1 %patch24 -p1 +%patch25 -p1 # We cannot run autotools as there is an exact requirement of autoconf-2.59. # FIXME - this is no longer true. Maybe try reinstating autotool use ? @@ -792,6 +797,9 @@ exit 0 #---------------------------------------------------------------------------- %changelog +* Thu Jan 03 2019 Nick Clifton - 2.31.1-19 +- Fix a memory leak reading minisymbols. (#1661535) + * Wed Jan 02 2019 Nick Clifton - 2.31.1-18 - Ensure that GOLD is linked with pthread library. (#1636479)