Thanks for helping with CVE fixes! In the future if you are going to submit multiple patches for a recipe it would be helpful to submit them as a series rather than individual patches against the current top of tree. This will save me from having to do manual fixups for each patch after the first.
Best regards, Steve On Wed, May 3, 2023 at 11:04 PM Deepthi Hemraj <[email protected]> wrote: > > Upstream-Status: Backport > [https://sourceware.org/git/?p=binutils-gdb.git;a=blobdiff;f=bfd/elf.c;h=185028cbd97ae0901c4276c8a4787b12bb75875a;hp=027d01437352555bc4ac0717cb0486c751a7775d;hb=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57;hpb=f2f9bde5cde7ff34ed0a4c4682a211d402aa1086] > > Signed-off-by: Deepthi Hemraj <[email protected]> > --- > .../binutils/binutils-2.40.inc | 1 + > .../binutils/0017-CVE-2023-1972.patch | 40 +++++++++++++++++++ > 2 files changed, 41 insertions(+) > create mode 100644 > meta/recipes-devtools/binutils/binutils/0017-CVE-2023-1972.patch > > diff --git a/meta/recipes-devtools/binutils/binutils-2.40.inc > b/meta/recipes-devtools/binutils/binutils-2.40.inc > index 93631ca3d7..9df8715074 100644 > --- a/meta/recipes-devtools/binutils/binutils-2.40.inc > +++ b/meta/recipes-devtools/binutils/binutils-2.40.inc > @@ -35,5 +35,6 @@ SRC_URI = "\ > file://0014-configure-remove-dependencies-on-gmp-and-mpfr-when-g.patch \ > file://0015-Remove-duplicate-pe-dll.o-entry-deom-targ_extra_ofil.patch \ > file://0016-CVE-2023-25586.patch \ > + file://0017-CVE-2023-1972.patch \ > " > S = "${WORKDIR}/git" > diff --git a/meta/recipes-devtools/binutils/binutils/0017-CVE-2023-1972.patch > b/meta/recipes-devtools/binutils/binutils/0017-CVE-2023-1972.patch > new file mode 100644 > index 0000000000..6a84936730 > --- /dev/null > +++ b/meta/recipes-devtools/binutils/binutils/0017-CVE-2023-1972.patch > @@ -0,0 +1,40 @@ > +From: Nick Clifton <[email protected]> > +Date: Thu, 30 Mar 2023 09:10:09 +0000 (+0100) > +Subject: Fix an illegal memory access when an accessing a zer0-lengthverdef > table. > +X-Git-Url: > https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57 > + > +Fix an illegal memory access when an accessing a zer0-lengthverdef table. > + > + PR 30285 > + * elf.c (_bfd_elf_slurp_version_tables): Fail if no version definitions > are allocated. > + > +Upstream-Status: Backport > [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57] > + > +CVE: CVE-2023-1972 > + > +Signed-off-by: Deepthi Hemraj <[email protected]> > +--- > + > +diff --git a/bfd/elf.c b/bfd/elf.c > +index 027d0143735..185028cbd97 100644 > +--- a/bfd/elf.c > ++++ b/bfd/elf.c > +@@ -9030,6 +9030,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool > default_imported_symver) > + bfd_set_error (bfd_error_file_too_big); > + goto error_return_verdef; > + } > ++ > ++ if (amt == 0) > ++ goto error_return_verdef; > + elf_tdata (abfd)->verdef = (Elf_Internal_Verdef *) bfd_zalloc (abfd, > amt); > + if (elf_tdata (abfd)->verdef == NULL) > + goto error_return_verdef; > +@@ -9133,6 +9136,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool > default_imported_symver) > + bfd_set_error (bfd_error_file_too_big); > + goto error_return; > + } > ++ if (amt == 0) > ++ goto error_return; > + elf_tdata (abfd)->verdef = (Elf_Internal_Verdef *) bfd_zalloc (abfd, > amt); > + if (elf_tdata (abfd)->verdef == NULL) > + goto error_return; > -- > 2.34.1 > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#180875): https://lists.openembedded.org/g/openembedded-core/message/180875 Mute This Topic: https://lists.openembedded.org/mt/98680180/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
