diff options
Diffstat (limited to 'external/poky/meta/recipes-devtools/elfutils/files/CVE-2019-7665.patch')
-rw-r--r-- | external/poky/meta/recipes-devtools/elfutils/files/CVE-2019-7665.patch | 154 |
1 files changed, 0 insertions, 154 deletions
diff --git a/external/poky/meta/recipes-devtools/elfutils/files/CVE-2019-7665.patch b/external/poky/meta/recipes-devtools/elfutils/files/CVE-2019-7665.patch deleted file mode 100644 index a1bb3097..00000000 --- a/external/poky/meta/recipes-devtools/elfutils/files/CVE-2019-7665.patch +++ /dev/null @@ -1,154 +0,0 @@ -From 4323d46c4a369b614aa1f574805860b3434552df Mon Sep 17 00:00:00 2001 -From: Mark Wielaard <mark@klomp.org> -Date: Wed, 16 Jan 2019 15:41:31 +0100 -Subject: [PATCH] CVE: CVE-2019-7665 - -Upstream-Status: Backport - -Sign off: Shubham Agrawal <shuagr@microsoft.com> - -libebl: Check NT_PLATFORM core notes contain a zero terminated string. - -Most strings in core notes are fixed size. But NT_PLATFORM contains just -a variable length string. Check that it is actually zero terminated -before passing to readelf to print. - -https://sourceware.org/bugzilla/show_bug.cgi?id=24089 - -Signed-off-by: Mark Wielaard <mark@klomp.org> -Signed-off-by: Ubuntu <lisa@shuagr-yocto-build.mdn4q2lr1oauhmizmzsslly3ad.xx.internal.cloudapp.net> ---- - libdwfl/linux-core-attach.c | 9 +++++---- - libebl/eblcorenote.c | 39 +++++++++++++++++++-------------------- - libebl/libebl.h | 3 ++- - src/readelf.c | 2 +- - 4 files changed, 27 insertions(+), 26 deletions(-) - -diff --git a/libdwfl/linux-core-attach.c b/libdwfl/linux-core-attach.c -index 6c99b9e..c0f1b0d 100644 ---- a/libdwfl/linux-core-attach.c -+++ b/libdwfl/linux-core-attach.c -@@ -137,7 +137,7 @@ core_next_thread (Dwfl *dwfl __attribute__ ((unused)), void *dwfl_arg, - const Ebl_Register_Location *reglocs; - size_t nitems; - const Ebl_Core_Item *items; -- if (! ebl_core_note (core_arg->ebl, &nhdr, name, -+ if (! ebl_core_note (core_arg->ebl, &nhdr, name, desc, - ®s_offset, &nregloc, ®locs, &nitems, &items)) - { - /* This note may be just not recognized, skip it. */ -@@ -191,8 +191,9 @@ core_set_initial_registers (Dwfl_Thread *thread, void *thread_arg_voidp) - const Ebl_Register_Location *reglocs; - size_t nitems; - const Ebl_Core_Item *items; -- int core_note_err = ebl_core_note (core_arg->ebl, &nhdr, name, ®s_offset, -- &nregloc, ®locs, &nitems, &items); -+ int core_note_err = ebl_core_note (core_arg->ebl, &nhdr, name, desc, -+ ®s_offset, &nregloc, ®locs, -+ &nitems, &items); - /* __libdwfl_attach_state_for_core already verified the note is there. */ - assert (core_note_err != 0); - assert (nhdr.n_type == NT_PRSTATUS); -@@ -383,7 +384,7 @@ dwfl_core_file_attach (Dwfl *dwfl, Elf *core) - const Ebl_Register_Location *reglocs; - size_t nitems; - const Ebl_Core_Item *items; -- if (! ebl_core_note (ebl, &nhdr, name, -+ if (! ebl_core_note (ebl, &nhdr, name, desc, - ®s_offset, &nregloc, ®locs, &nitems, &items)) - { - /* This note may be just not recognized, skip it. */ -diff --git a/libebl/eblcorenote.c b/libebl/eblcorenote.c -index 783f981..7fab397 100644 ---- a/libebl/eblcorenote.c -+++ b/libebl/eblcorenote.c -@@ -36,11 +36,13 @@ - #include <inttypes.h> - #include <stdio.h> - #include <stddef.h> -+#include <string.h> - #include <libeblP.h> - - - int - ebl_core_note (Ebl *ebl, const GElf_Nhdr *nhdr, const char *name, -+ const char *desc, - GElf_Word *regs_offset, size_t *nregloc, - const Ebl_Register_Location **reglocs, size_t *nitems, - const Ebl_Core_Item **items) -@@ -51,28 +53,25 @@ ebl_core_note (Ebl *ebl, const GElf_Nhdr *nhdr, const char *name, - { - /* The machine specific function did not know this type. */ - -- *regs_offset = 0; -- *nregloc = 0; -- *reglocs = NULL; -- switch (nhdr->n_type) -+ /* NT_PLATFORM is kind of special since it needs a zero terminated -+ string (other notes often have a fixed size string). */ -+ static const Ebl_Core_Item platform[] = - { --#define ITEMS(type, table) \ -- case type: \ -- *items = table; \ -- *nitems = sizeof table / sizeof table[0]; \ -- result = 1; \ -- break -+ { -+ .name = "Platform", -+ .type = ELF_T_BYTE, .count = 0, .format = 's' -+ } -+ }; - -- static const Ebl_Core_Item platform[] = -- { -- { -- .name = "Platform", -- .type = ELF_T_BYTE, .count = 0, .format = 's' -- } -- }; -- ITEMS (NT_PLATFORM, platform); -- --#undef ITEMS -+ if (nhdr->n_type == NT_PLATFORM -+ && memchr (desc, '\0', nhdr->n_descsz) != NULL) -+ { -+ *regs_offset = 0; -+ *nregloc = 0; -+ *reglocs = NULL; -+ *items = platform; -+ *nitems = 1; -+ result = 1; - } - } - -diff --git a/libebl/libebl.h b/libebl/libebl.h -index ca9b9fe..24922eb 100644 ---- a/libebl/libebl.h -+++ b/libebl/libebl.h -@@ -319,7 +319,8 @@ typedef struct - - /* Describe the format of a core file note with the given header and NAME. - NAME is not guaranteed terminated, it's NHDR->n_namesz raw bytes. */ --extern int ebl_core_note (Ebl *ebl, const GElf_Nhdr *nhdr, const char *name, -+extern int ebl_core_note (Ebl *ebl, const GElf_Nhdr *nhdr, -+ const char *name, const char *desc, - GElf_Word *regs_offset, size_t *nregloc, - const Ebl_Register_Location **reglocs, - size_t *nitems, const Ebl_Core_Item **items) -diff --git a/src/readelf.c b/src/readelf.c -index 3a73710..71651e0 100644 ---- a/src/readelf.c -+++ b/src/readelf.c -@@ -12153,7 +12153,7 @@ handle_core_note (Ebl *ebl, const GElf_Nhdr *nhdr, - size_t nitems; - const Ebl_Core_Item *items; - -- if (! ebl_core_note (ebl, nhdr, name, -+ if (! ebl_core_note (ebl, nhdr, name, desc, - ®s_offset, &nregloc, ®locs, &nitems, &items)) - return; - --- -2.7.4 - |