From a5080fa18b8c016111b6fab55e244ad3d12b882d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alexandra=20H=C3=A1jkov=C3=A1?=
Date: Sun, 17 Sep 2023 13:45:41 +0200
Subject: [PATCH] Backport upstream commit 8f2c64de86b which fixes RHBZ 2233961, CVE-2022-48064, (Alan Modra).
---
 _gdb.spec.Patch.include | 4 +++
 _gdb.spec.patch.include | 1 +
 _patch_order | 1 +
 gdb-rhbz2233961-CVE-2022-4806.patch | 50 +++++++++++++++++++++++++++++
 gdb.spec | 4 +++
 5 files changed, 60 insertions(+)
 create mode 100644 gdb-rhbz2233961-CVE-2022-4806.patch
diff --git a/_gdb.spec.Patch.include b/_gdb.spec.Patch.include
index e3f21e9..b963415 100644
--- a/_gdb.spec.Patch.include
+++ b/_gdb.spec.Patch.include
@@ -215,3 +215,7 @@ Patch048: gdb-bz2237515-debuginfod-double-free.patch
 # obstack allocation that wold lead to memory corruption.
 Patch049: gdb-bz2237392-dwarf-obstack-allocation.patch
+# Backport PR29922, SHT_NOBITS section
+# avoids section size sanity check.
+Patch050: gdb-rhbz2233961-CVE-2022-4806.patch
+
diff --git a/_gdb.spec.patch.include b/_gdb.spec.patch.include
index 2ca0c1f..f84adba 100644
--- a/_gdb.spec.patch.include
+++ b/_gdb.spec.patch.include
@@ -47,3 +47,4 @@
 %patch -p1 -P047
 %patch -p1 -P048
 %patch -p1 -P049
+%patch -p1 -P050
diff --git a/_patch_order b/_patch_order
index 4f99a83..2d9e7f8 100644
--- a/_patch_order
+++ b/_patch_order
@@ -47,3 +47,4 @@ gdb-rhbz2160211-excessive-core-file-warnings.patch
 gdb-bz2196395-debuginfod-legacy-openssl-crash.patch
 gdb-bz2237515-debuginfod-double-free.patch
 gdb-bz2237392-dwarf-obstack-allocation.patch
+gdb-rhbz2233961-CVE-2022-4806.patch
diff --git a/gdb-rhbz2233961-CVE-2022-4806.patch b/gdb-rhbz2233961-CVE-2022-4806.patch
new file mode 100644
index 0000000..633bd32
--- /dev/null
+++ b/gdb-rhbz2233961-CVE-2022-4806.patch
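Review bot: The new patch file is named gdb-rhbz2233961-CVE-2022-4806.patch, but the Subject line of this commit and the gdb.spec changelog entry cite CVE-2022-48064; the file name has lost the final digit, so it no longer matches the CVE it is meant to fix. The same truncated name is repeated in `Patch050:` here, in `_patch_order`, and in the Subject line inside the new patch file itself, so a rename has to touch all of them together. Consider `Patch050: gdb-rhbz2233961-CVE-2022-48064.patch` with the file and the `_patch_order` entry renamed to match, and name the CVE in the comment above it, e.g. `# Backport PR29922 (CVE-2022-48064), SHT_NOBITS section`.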
@@ -0,0 +1,50 @@
+From FEDORA_PATCHES Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Alexandra=20H=C3=A1jkov=C3=A1?=
+Date: Sun, 17 Sep 2023 13:36:13 +0200
+Subject: gdb-rhbz2233961-CVE-2022-4806.patch
+
+;; Backport PR29922, SHT_NOBITS section
+;; avoids section size sanity check.
+
+PR29922, SHT_NOBITS section avoids section size sanity check
+
+ PR 29922
+ * dwarf2.c (find_debug_info): Ignore sections without
+ SEC_HAS_CONTENTS.
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+--- a/bfd/dwarf2.c
++++ b/bfd/dwarf2.c
+@@ -4831,16 +4831,19 @@ find_debug_info (bfd *abfd, const struct dwarf_debug_section *debug_sections,
+ {
+ look = debug_sections[debug_info].uncompressed_name;
+ msec = bfd_get_section_by_name (abfd, look);
+- if (msec != NULL)
++ /* Testing SEC_HAS_CONTENTS is an anti-fuzzer measure. Of
++ course debug sections always have contents. */
++ if (msec != NULL && (msec->flags & SEC_HAS_CONTENTS) != 0)
+ return msec;
+
+ look = debug_sections[debug_info].compressed_name;
+ msec = bfd_get_section_by_name (abfd, look);
+- if (msec != NULL)
++ if (msec != NULL && (msec->flags & SEC_HAS_CONTENTS) != 0)
+ return msec;
+
+ for (msec = abfd->sections; msec != NULL; msec = msec->next)
+- if (startswith (msec->name, GNU_LINKONCE_INFO))
++ if ((msec->flags & SEC_HAS_CONTENTS) != 0
++ && startswith (msec->name, GNU_LINKONCE_INFO))
+ return msec;
+
+ return NULL;
+@@ -4848,6 +4851,9 @@ find_debug_info (bfd *abfd, const struct dwarf_debug_section *debug_sections,
+
+ for (msec = after_sec->next; msec != NULL; msec = msec->next)
+ {
++ if ((msec->flags & SEC_HAS_CONTENTS) == 0)
++ continue;
++
+ look = debug_sections[debug_info].uncompressed_name;
+ if (strcmp (msec->name, look) == 0)
+ return msec;
diff --git a/gdb.spec b/gdb.spec
index 85da8bd..f657d2b 100644
--- a/gdb.spec
+++ b/gdb.spec
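Review bot: The header of the backported patch records only `;; Backport PR29922, SHT_NOBITS section`, so the upstream commit id and the CVE/RHBZ numbers that justify carrying it live only in the outer commit message and the spec changelog; the patch file should carry them too, e.g. `;; Backport upstream commit 8f2c64de86b (PR29922, RHBZ 2233961, CVE-2022-48064):` followed by the existing `;; SHT_NOBITS section avoids section size sanity check.` line. On the code itself, the SEC_HAS_CONTENTS test is applied at each of the three direct lookups in the first nested hunk and, through the added `continue`, at the top of the after_sec loop in the second, so every path that returns a section within these hunks is covered; find_debug_info begins before the first nested hunk and ends after the second, so any lookup path outside them cannot be checked here. The nested hunk offsets (`@@ -4831,16 +4831,19 @@` and `@@ -4848,6 +4851,9 @@`) come from upstream bfd/dwarf2.c, and whether they apply to the bfd bundled with this gdb 13.2 tree is only proven by the `%patch -p1 -P050` step at build time.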
@@ -1252,6 +1252,10 @@ fi
 %endif
 %changelog
+* Sun Sep 17 2023 Alexandra Hájková - 13.2-8
+- Backport upstream commit 8f2c64de86b which fixes RHBZ 2233961,
+ CVE-2022-48064, (Alan Modra).
+
 * Fri Sep 15 2023 Keith Seitz - 13.2-8
 - migrated to SPDX license
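Review bot: The new changelog entry reuses the release of the entry below it (`- 13.2-8` on both the Sun Sep 17 and the Fri Sep 15 lines), and the diffstat shows gdb.spec changing only these four changelog lines, so this commit does not bump the Release tag. If 13.2-8 was already built from the Sep 15 entry, a rebuild carrying this CVE fix would produce the same NEVR and would not be treated as an update by rpm; if both entries are intended to ship in one build, a short comment saying so would settle the question. Otherwise the entry should read `* Sun Sep 17 2023 Alexandra Hájková - 13.2-9` with the Release tag raised to match.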