diff options
| author |   ToshikazuOhiwa <toshikazu_ohiwa@mail.toyota.co.jp> | 2020-03-30 09:24:26 +0900 |
|---|---|---|
| committer | ToshikazuOhiwa <toshikazu_ohiwa@mail.toyota.co.jp> | 2020-03-30 09:24:26 +0900 |
| commit | 5b80bfd7bffd4c20d80b7c70a7130529e9a755dd (patch) | |
| tree | b4bb18dcd1487dbf1ea8127e5671b7bb2eded033 /external/poky/meta/recipes-devtools/elfutils/files/CVE-2019-7146_p1.patch | |
| parent | 706ad73eb02caf8532deaf5d38995bd258725cb8 (diff) | |
agl-basesystem
Diffstat (limited to 'external/poky/meta/recipes-devtools/elfutils/files/CVE-2019-7146_p1.patch')
| -rw-r--r-- | external/poky/meta/recipes-devtools/elfutils/files/CVE-2019-7146_p1.patch | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/external/poky/meta/recipes-devtools/elfutils/files/CVE-2019-7146_p1.patch b/external/poky/meta/recipes-devtools/elfutils/files/CVE-2019-7146_p1.patch new file mode 100644 index 00000000..b6cd29af --- /dev/null +++ b/external/poky/meta/recipes-devtools/elfutils/files/CVE-2019-7146_p1.patch @@ -0,0 +1,52 @@ +From 012018907ca05eb0ab51d424a596ef38fc87cae1 Mon Sep 17 00:00:00 2001 +From: Mark Wielaard <mark@klomp.org> +Date: Wed, 16 Jan 2019 11:57:35 +0100 +Subject: [PATCH] libebl: Check GNU property note pr_datasz fits inside note + description. + +Before printing the data values, make sure pr_datasz doesn't go beyond +the end of the note description data. + +https://sourceware.org/bugzilla/show_bug.cgi?id=24075 + +Signed-off-by: Mark Wielaard <mark@klomp.org> + +Upstream-Status: Backport +CVE: CVE-2019-7146 patch #1 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + libebl/ChangeLog | 4 ++++ + libebl/eblobjnote.c | 7 +++++++ + 2 files changed, 11 insertions(+) + +Index: elfutils-0.175/libebl/eblobjnote.c +=================================================================== +--- elfutils-0.175.orig/libebl/eblobjnote.c ++++ elfutils-0.175/libebl/eblobjnote.c +@@ -350,6 +350,13 @@ ebl_object_note (Ebl *ebl, uint32_t name + desc += 8; + descsz -= 8; + ++ if (prop.pr_datasz > descsz) ++ { ++ printf ("BAD property datasz: %" PRId32 "\n", ++ prop.pr_datasz); ++ return; ++ } ++ + int elfclass = gelf_getclass (ebl->elf); + char *elfident = elf_getident (ebl->elf, NULL); + GElf_Ehdr ehdr; +Index: elfutils-0.175/libebl/ChangeLog +=================================================================== +--- elfutils-0.175.orig/libebl/ChangeLog ++++ elfutils-0.175/libebl/ChangeLog +@@ -1,3 +1,7 @@ ++2019-01-16 Mark Wielaard <mark@klomp.org> ++ ++ * eblobjnte.c (ebl_object_note): Check pr_datasz isn't too large. ++ + 2018-11-15 Mark Wielaard <mark@klomp.org> + + * eblobjnotetypename.c (ebl_object_note_type_name): Don't update |