binutls: Security fix for CVE-2017-15022

Affected: <= 2.29.1 (From OE-Core rev: c19aa7eafd38639095b415efc16dba3777507d70) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-01-01 13:58:04 +00:00 · 2018-08-06 18:31:55 -07:00 · 2018-08-06 18:31:55 -07:00 · 00a04d8d8b
commit 00a04d8d8b
parent fb5416e874
2 changed files with 62 additions and 0 deletions
--- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
@ -45,6 +45,7 @@ SRC_URI = "\
     file://CVE-2017-14939.patch \
     file://CVE-2017-14940.patch \
     file://CVE-2017-15021.patch \
+     file://CVE-2017-15022.patch \
 "
 S  = "${WORKDIR}/git"

--- a/meta/recipes-devtools/binutils/binutils/CVE-2017-15022.patch
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15022.patch
@ -0,0 +1,61 @@
+From 11855d8a1f11b102a702ab76e95b22082cccf2f8 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Mon, 25 Sep 2017 19:46:34 +0930
+Subject: [PATCH] PR22201, DW_AT_name with out of bounds reference
+
+DW_AT_name ought to always have a string value.
+
+	PR 22201
+	* dwarf2.c (scan_unit_for_symbols): Ignore DW_AT_name unless it
+	has string form.
+	(parse_comp_unit): Likewise.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-15022
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 7 +++++++
+ bfd/dwarf2.c  | 6 ++++--
+ 2 files changed, 11 insertions(+), 2 deletions(-)
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
+++ git/bfd/dwarf2.c
+@@ -3177,7 +3177,8 @@ scan_unit_for_symbols (struct comp_unit
+ 	      switch (attr.name)
+ 		{
+ 		case DW_AT_name:
+-		  var->name = attr.u.str;
+		  if (is_str_attr (attr.form))
+		    var->name = attr.u.str;
+ 		  break;
+ 
+ 		case DW_AT_decl_file:
+@@ -3429,7 +3430,8 @@ parse_comp_unit (struct dwarf2_debug *st
+ 	  break;
+ 
+ 	case DW_AT_name:
+-	  unit->name = attr.u.str;
+	  if (is_str_attr (attr.form))
+	    unit->name = attr.u.str;
+ 	  break;
+ 
+ 	case DW_AT_low_pc:
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
+++ git/bfd/ChangeLog
+@@ -1,3 +1,10 @@
+2017-09-25  Alan Modra  <amodra@gmail.com>
+ 
+       PR 22201
+       * dwarf2.c (scan_unit_for_symbols): Ignore DW_AT_name unless it
+       has string form.
+       (parse_comp_unit): Likewise.
+
+ 2017-09-24  Alan Modra  <amodra@gmail.com>
+  
+        PR 22197