Stop potential illegal memory access when parsing corrupt archives.
Resolves: #1680670
This commit is contained in:
parent
d003e8dd8a
commit
43332bae43
73
binutils-CVE-2019-9075.patch
Normal file
73
binutils-CVE-2019-9075.patch
Normal file
@ -0,0 +1,73 @@
|
|||||||
|
diff -rup binutils.orig/bfd/archive64.c binutils-2.31.1/bfd/archive64.c
|
||||||
|
--- binutils.orig/bfd/archive64.c 2019-02-26 11:17:11.882530151 +0000
|
||||||
|
+++ binutils-2.31.1/bfd/archive64.c 2019-02-26 11:19:18.422488805 +0000
|
||||||
|
@@ -100,8 +100,6 @@ _bfd_archive_64_bit_slurp_armap (bfd *ab
|
||||||
|
return FALSE;
|
||||||
|
carsyms = ardata->symdefs;
|
||||||
|
stringbase = ((char *) ardata->symdefs) + carsym_size;
|
||||||
|
- stringbase[stringsize] = 0;
|
||||||
|
- stringend = stringbase + stringsize;
|
||||||
|
|
||||||
|
raw_armap = (bfd_byte *) bfd_alloc (abfd, ptrsize);
|
||||||
|
if (raw_armap == NULL)
|
||||||
|
@@ -115,15 +113,17 @@ _bfd_archive_64_bit_slurp_armap (bfd *ab
|
||||||
|
goto release_raw_armap;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ stringend = stringbase + stringsize;
|
||||||
|
+ *stringend = 0;
|
||||||
|
for (i = 0; i < nsymz; i++)
|
||||||
|
{
|
||||||
|
carsyms->file_offset = bfd_getb64 (raw_armap + i * 8);
|
||||||
|
carsyms->name = stringbase;
|
||||||
|
- if (stringbase < stringend)
|
||||||
|
- stringbase += strlen (stringbase) + 1;
|
||||||
|
+ stringbase += strlen (stringbase);
|
||||||
|
+ if (stringbase != stringend)
|
||||||
|
+ ++stringbase;
|
||||||
|
++carsyms;
|
||||||
|
}
|
||||||
|
- *stringbase = '\0';
|
||||||
|
|
||||||
|
ardata->symdef_count = nsymz;
|
||||||
|
ardata->first_file_filepos = bfd_tell (abfd);
|
||||||
|
diff -rup binutils.orig/bfd/archive.c binutils-2.31.1/bfd/archive.c
|
||||||
|
--- binutils.orig/bfd/archive.c 2019-02-26 11:17:11.884530134 +0000
|
||||||
|
+++ binutils-2.31.1/bfd/archive.c 2019-02-26 11:18:33.354859687 +0000
|
||||||
|
@@ -1014,6 +1014,7 @@ do_slurp_coff_armap (bfd *abfd)
|
||||||
|
int *raw_armap, *rawptr;
|
||||||
|
struct artdata *ardata = bfd_ardata (abfd);
|
||||||
|
char *stringbase;
|
||||||
|
+ char *stringend;
|
||||||
|
bfd_size_type stringsize;
|
||||||
|
bfd_size_type parsed_size;
|
||||||
|
carsym *carsyms;
|
||||||
|
@@ -1073,22 +1074,20 @@ do_slurp_coff_armap (bfd *abfd)
|
||||||
|
}
|
||||||
|
|
||||||
|
/* OK, build the carsyms. */
|
||||||
|
- for (i = 0; i < nsymz && stringsize > 0; i++)
|
||||||
|
+ stringend = stringbase + stringsize;
|
||||||
|
+ *stringend = 0;
|
||||||
|
+ for (i = 0; i < nsymz; i++)
|
||||||
|
{
|
||||||
|
bfd_size_type len;
|
||||||
|
|
||||||
|
rawptr = raw_armap + i;
|
||||||
|
carsyms->file_offset = swap ((bfd_byte *) rawptr);
|
||||||
|
carsyms->name = stringbase;
|
||||||
|
- /* PR 17512: file: 4a1d50c1. */
|
||||||
|
- len = strnlen (stringbase, stringsize);
|
||||||
|
- if (len < stringsize)
|
||||||
|
- len ++;
|
||||||
|
- stringbase += len;
|
||||||
|
- stringsize -= len;
|
||||||
|
+ stringbase += strlen (stringbase);
|
||||||
|
+ if (stringbase != stringend)
|
||||||
|
+ ++stringbase;
|
||||||
|
carsyms++;
|
||||||
|
}
|
||||||
|
- *stringbase = 0;
|
||||||
|
|
||||||
|
ardata->symdef_count = nsymz;
|
||||||
|
ardata->first_file_filepos = bfd_tell (abfd);
|
@ -75,7 +75,7 @@
|
|||||||
Summary: A GNU collection of binary utilities
|
Summary: A GNU collection of binary utilities
|
||||||
Name: %{?cross}binutils%{?_with_debug:-debug}
|
Name: %{?cross}binutils%{?_with_debug:-debug}
|
||||||
Version: 2.32
|
Version: 2.32
|
||||||
Release: 4%{?dist}
|
Release: 5%{?dist}
|
||||||
License: GPLv3+
|
License: GPLv3+
|
||||||
URL: https://sourceware.org/binutils
|
URL: https://sourceware.org/binutils
|
||||||
|
|
||||||
@ -180,6 +180,10 @@ Patch14: binutils-CVE-2019-9073.patch
|
|||||||
# Lifetime: Fixed in 2.33
|
# Lifetime: Fixed in 2.33
|
||||||
Patch15: binutils-CVE-2019-9074.patch
|
Patch15: binutils-CVE-2019-9074.patch
|
||||||
|
|
||||||
|
# Purpose: Stop illegal memory access parsing corrupt archives.
|
||||||
|
# Lifetime: Fixed in 2.33
|
||||||
|
Patch16: binutils-CVE-2019-9075.patch
|
||||||
|
|
||||||
#----------------------------------------------------------------------------
|
#----------------------------------------------------------------------------
|
||||||
|
|
||||||
Provides: bundled(libiberty)
|
Provides: bundled(libiberty)
|
||||||
@ -313,6 +317,7 @@ using libelf instead of BFD.
|
|||||||
%patch13 -p1
|
%patch13 -p1
|
||||||
%patch14 -p1
|
%patch14 -p1
|
||||||
%patch15 -p1
|
%patch15 -p1
|
||||||
|
%patch16 -p1
|
||||||
|
|
||||||
# We cannot run autotools as there is an exact requirement of autoconf-2.59.
|
# We cannot run autotools as there is an exact requirement of autoconf-2.59.
|
||||||
# FIXME - this is no longer true. Maybe try reinstating autotool use ?
|
# FIXME - this is no longer true. Maybe try reinstating autotool use ?
|
||||||
@ -714,6 +719,9 @@ exit 0
|
|||||||
|
|
||||||
#----------------------------------------------------------------------------
|
#----------------------------------------------------------------------------
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Feb 26 2019 Nick Clifton <nickc@redhat.com> - 2.32-5
|
||||||
|
- Stop potential illegal memory access when parsing corrupt archives. (#1680670)
|
||||||
|
|
||||||
* Mon Feb 25 2019 Nick Clifton <nickc@redhat.com> - 2.32-4
|
* Mon Feb 25 2019 Nick Clifton <nickc@redhat.com> - 2.32-4
|
||||||
- Stop potential illegal memory access when parsing corrupt PE files. (#1680682)
|
- Stop potential illegal memory access when parsing corrupt PE files. (#1680682)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user