From 79f83cf3ce2928e79c73b26d0a1f4e084f632c5a Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Fri, 9 Aug 2019 14:51:53 +0100 Subject: [PATCH] Fix potential integer overflow in GOLD. Resolves: #1739491 --- binutils-CVE-2019-14250.patch | 17 +++++++++++++++++ binutils.spec | 10 +++++++++- 2 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 binutils-CVE-2019-14250.patch diff --git a/binutils-CVE-2019-14250.patch b/binutils-CVE-2019-14250.patch new file mode 100644 index 0000000..c37b92e --- /dev/null +++ b/binutils-CVE-2019-14250.patch @@ -0,0 +1,17 @@ +--- binutils.orig/libiberty/simple-object-elf.c 2019-08-09 14:13:51.677330065 +0100 ++++ binutils-2.32/libiberty/simple-object-elf.c 2019-08-09 14:14:31.177076298 +0100 +@@ -549,6 +549,14 @@ simple_object_elf_match (unsigned char h + return NULL; + } + ++ if (eor->shstrndx == 0) ++ { ++ *errmsg = "invalid ELF shstrndx == 0"; ++ *err = 0; ++ XDELETE (eor); ++ return NULL; ++ } ++ + return (void *) eor; + } + diff --git a/binutils.spec b/binutils.spec index 0664680..405d37a 100644 --- a/binutils.spec +++ b/binutils.spec @@ -2,7 +2,7 @@ Summary: A GNU collection of binary utilities Name: %{?cross}binutils%{?_with_debug:-debug} Version: 2.32 -Release: 22%{?dist} +Release: 23%{?dist} License: GPLv3+ URL: https://sourceware.org/binutils @@ -248,6 +248,10 @@ Patch26: binutils-objcopy-gnu-build-version-notes.patch # Lifetime: Fixed in 2.33 Patch27: binutils-CVE-2019-1010204.patch +# Purpose: Add check to libiberty library in order to prevent an integer overflow in the gold linker. +# Lifetime: Fixed in 2.33 +Patch28: binutils-CVE-2019-14250.patch + #---------------------------------------------------------------------------- Provides: bundled(libiberty) @@ -401,6 +405,7 @@ Conflicts: gcc-c++ < 4.0.0 %patch25 -p1 %patch26 -p1 %patch27 -p1 +%patch28 -p1 # We cannot run autotools as there is an exact requirement of autoconf-2.59. # FIXME - this is no longer true. Maybe try reinstating autotool use ? 
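Review bot: The guard added to simple_object_elf_match in binutils-CVE-2019-14250.patch rejects only `eor->shstrndx == 0`; nothing in the lines shown rejects a string-table index at or beyond the number of section headers, and the value is presumably read from the input file's ELF header. The function starts above the embedded hunk, so that bound may already be enforced earlier or by the code that later uses the index, which is worth confirming before treating this backport as the complete fix. The new block also has no comment tying it to the overflow, so I would add something like `/* A zero shstrndx would let later section-header index arithmetic wrap (CVE-2019-14250). */` above the `if`, with the wording checked against the upstream commit. The patch file also has no header naming the upstream commit it was taken from, which makes the backport harder to audit against the 2.33 fix that binutils.spec refers to.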
@@ -797,6 +802,9 @@ exit 0 #---------------------------------------------------------------------------- %changelog +* Fri Aug 09 2019 Nick Clifton - 2.32-23 +- Fix potential integer overflow in GOLD. (#1739491) + * Tue Aug 06 2019 Nick Clifton - 2.32-22 - Stop GOLD from seg-faulting on a corrupt input with a fuzzed section offset. (#1735605)