Fix for PR 22887 - crashing objdump by passing it a corrupt AOUT binary. (#1553115)
Fix for PR 22905 - crashing objdump by passing it a corrupt DWARF file. (#1553122) Fix for PR 22741 - crashing objdump by passing it a corrupt COFF file. (#1571918)
This commit is contained in:
parent
116d1c1cd2
commit
bb781d5f31
12
binutils-CVE-2018-7208.patch
Normal file
12
binutils-CVE-2018-7208.patch
Normal file
@ -0,0 +1,12 @@
|
||||
--- binutils.orig/bfd/coffgen.c 2018-04-27 09:23:33.449859052 +0100
|
||||
+++ binutils-2.30/bfd/coffgen.c 2018-04-27 09:34:34.530135122 +0100
|
||||
@@ -1555,7 +1555,8 @@ coff_pointerize_aux (bfd *abfd,
|
||||
}
|
||||
/* A negative tagndx is meaningless, but the SCO 3.2v4 cc can
|
||||
generate one, so we must be careful to ignore it. */
|
||||
- if (auxent->u.auxent.x_sym.x_tagndx.l > 0)
|
||||
+ if ((unsigned long) auxent->u.auxent.x_sym.x_tagndx.l
|
||||
+ < obj_raw_syment_count (abfd))
|
||||
{
|
||||
auxent->u.auxent.x_sym.x_tagndx.p =
|
||||
table_base + auxent->u.auxent.x_sym.x_tagndx.l;
|
17
binutils-CVE-2018-7642.patch
Normal file
17
binutils-CVE-2018-7642.patch
Normal file
@ -0,0 +1,17 @@
|
||||
--- binutils.orig/bfd/aoutx.h 2018-04-26 15:14:18.411450291 +0100
|
||||
+++ binutils-2.30/bfd/aoutx.h 2018-04-26 17:22:38.328770529 +0100
|
||||
@@ -2283,10 +2283,12 @@ NAME (aout, swap_std_reloc_in) (bfd *abf
|
||||
if (r_baserel)
|
||||
r_extern = 1;
|
||||
|
||||
- if (r_extern && r_index > symcount)
|
||||
+ if (r_extern && r_index >= symcount)
|
||||
{
|
||||
/* We could arrange to return an error, but it might be useful
|
||||
- to see the file even if it is bad. */
|
||||
+ to see the file even if it is bad. FIXME: Of course this
|
||||
+ means that objdump -r *doesn't* see the actual reloc, and
|
||||
+ objcopy silently writes a different reloc. */
|
||||
r_extern = 0;
|
||||
r_index = N_ABS;
|
||||
}
|
16
binutils-CVE-2018-7643.patch
Normal file
16
binutils-CVE-2018-7643.patch
Normal file
@ -0,0 +1,16 @@
|
||||
--- binutils.orig/binutils/dwarf.c 2018-04-27 09:22:07.402864408 +0100
|
||||
+++ binutils-2.30/binutils/dwarf.c 2018-04-27 09:24:26.794235786 +0100
|
||||
@@ -6810,6 +6810,13 @@ display_debug_ranges (struct dwarf_secti
|
||||
continue;
|
||||
}
|
||||
|
||||
+ if (next < section_begin || next >= finish)
|
||||
+ {
|
||||
+ warn (_("Corrupt offset (%#8.8lx) in range entry %u\n"),
|
||||
+ (unsigned long) offset, i);
|
||||
+ continue;
|
||||
+ }
|
||||
+
|
||||
if (dwarf_check != 0 && i > 0)
|
||||
{
|
||||
if (start < next)
|
@ -65,7 +65,7 @@
|
||||
Summary: A GNU collection of binary utilities
|
||||
Name: %{?cross}binutils%{?_with_debug:-debug}
|
||||
Version: 2.30
|
||||
Release: 15%{?dist}
|
||||
Release: 16%{?dist}
|
||||
License: GPLv3+
|
||||
Group: Development/Tools
|
||||
URL: https://sourceware.org/binutils
|
||||
@ -202,6 +202,21 @@ Patch19: binutils-gold-llvm-plugin.patch
|
||||
# Lifetime: Fixed in 2.31
|
||||
Patch20: binutils-gas-build-notes.patch
|
||||
|
||||
# Purpose: Fix a CVE triggered by running objdump on a corrupt AOUT
|
||||
# format file.
|
||||
# Lifetime: Fixed in 2.31
|
||||
Patch21: binutils-CVE-2018-7642.patch
|
||||
|
||||
# Purpose: Fix a CVE triggered by running objdump on a binary containing
|
||||
# corrupt DWARF debug information.
|
||||
# Lifetime: Fixed in 2.31
|
||||
Patch22: binutils-CVE-2018-7643.patch
|
||||
|
||||
# Purpose: Fix a CVE triggered by running objdump on a corrupt COFF
|
||||
# format file.
|
||||
# Lifetime: Fixed in 2.31
|
||||
Patch23: binutils-CVE-2018-7208.patch
|
||||
|
||||
#----------------------------------------------------------------------------
|
||||
|
||||
Provides: bundled(libiberty)
|
||||
@ -347,6 +362,9 @@ using libelf instead of BFD.
|
||||
%patch18 -p1
|
||||
%patch19 -p1
|
||||
%patch20 -p1
|
||||
%patch21 -p1
|
||||
%patch22 -p1
|
||||
%patch23 -p1
|
||||
|
||||
# We cannot run autotools as there is an exact requirement of autoconf-2.59.
|
||||
|
||||
@ -760,6 +778,11 @@ exit 0
|
||||
|
||||
#----------------------------------------------------------------------------
|
||||
%changelog
|
||||
* Fri Apr 27 2018 Nick Clifton <nickc@redhat.com> 2.30-16
|
||||
- Fix for PR 22887 - crashing objdump by passing it a corrupt AOUT binary. (#1553115)
|
||||
- Fix for PR 22905 - crashing objdump by passing it a corrupt DWARF file. (#1553122)
|
||||
- Fix for PR 22741 - crashing objdump by passing it a corrupt COFF file. (#1571918)
|
||||
|
||||
* Thu Apr 26 2018 Nick Clifton <nickc@redhat.com> 2.30-15
|
||||
- Enhance the assembler to automatically generate annobin notes if none are present in the input.
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user