diff options
Diffstat (limited to 'external/poky/meta/recipes-devtools/elfutils/files/CVE-2019-7146_p2.patch')
| -rw-r--r-- | external/poky/meta/recipes-devtools/elfutils/files/CVE-2019-7146_p2.patch | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/external/poky/meta/recipes-devtools/elfutils/files/CVE-2019-7146_p2.patch b/external/poky/meta/recipes-devtools/elfutils/files/CVE-2019-7146_p2.patch new file mode 100644 index 00000000..4434b365 --- /dev/null +++ b/external/poky/meta/recipes-devtools/elfutils/files/CVE-2019-7146_p2.patch @@ -0,0 +1,65 @@ +From cd7ded3df43f655af945c869976401a602e46fcd Mon Sep 17 00:00:00 2001 +From: Mark Wielaard <mark@klomp.org> +Date: Wed, 30 Jan 2019 00:04:11 +0100 +Subject: [PATCH] libebl: Check GNU property note data padding fits inside + note. + +The GNU property note data is padded. Make sure the extra padding +still fits in the note description. + +https://sourceware.org/bugzilla/show_bug.cgi?id=24075 + +Signed-off-by: Mark Wielaard <mark@klomp.org> + +Upstream-Status: Backport +CVE: CVE-2019-7146 patch #2 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + libebl/ChangeLog | 5 +++++ + libebl/eblobjnote.c | 17 +++++++++-------- + 2 files changed, 14 insertions(+), 8 deletions(-) + +Index: elfutils-0.175/libebl/ChangeLog +=================================================================== +--- elfutils-0.175.orig/libebl/ChangeLog ++++ elfutils-0.175/libebl/ChangeLog +@@ -1,3 +1,8 @@ ++2019-01-29 Mark Wielaard <mark@klomp.org> ++ ++ * eblobjnote.c (ebl_object_note): Check pr_datasz padding doesn't ++ overflow descsz. ++ + 2019-01-16 Mark Wielaard <mark@klomp.org> + + * eblobjnte.c (ebl_object_note): Check pr_datasz isn't too large. +Index: elfutils-0.175/libebl/eblobjnote.c +=================================================================== +--- elfutils-0.175.orig/libebl/eblobjnote.c ++++ elfutils-0.175/libebl/eblobjnote.c +@@ -486,16 +486,17 @@ ebl_object_note (Ebl *ebl, uint32_t name + printf ("%02" PRIx8 "\n", (uint8_t) desc[i]); + } + } ++ + if (elfclass == ELFCLASS32) +- { +- desc += NOTE_ALIGN4 (prop.pr_datasz); +- descsz -= NOTE_ALIGN4 (prop.pr_datasz); +- } ++ prop.pr_datasz = NOTE_ALIGN4 (prop.pr_datasz); + else +- { +- desc += NOTE_ALIGN8 (prop.pr_datasz); +- descsz -= NOTE_ALIGN8 (prop.pr_datasz); +- } ++ prop.pr_datasz = NOTE_ALIGN8 (prop.pr_datasz); ++ ++ desc += prop.pr_datasz; ++ if (descsz > prop.pr_datasz) ++ descsz -= prop.pr_datasz; ++ else ++ descsz = 0; + } + } + break; |