Hello community,

here is the log from the commit of package elfutils for openSUSE:Factory 
checked in at 2014-04-22 07:42:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/elfutils (Old)
 and      /work/SRC/openSUSE:Factory/.elfutils.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "elfutils"

Changes:
--------
--- /work/SRC/openSUSE:Factory/elfutils/elfutils.changes        2014-03-25 
13:20:41.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.elfutils.new/elfutils.changes   2014-04-22 
07:42:54.000000000 +0200
@@ -1,0 +2,6 @@
+Tue Apr 15 18:56:25 UTC 2014 - to...@suse.com
+
+- Fix integer overflow in check_section (CVE-2014-0172, bnc#872785)
+  Add patch: 
elfutils-check-for-overflow-before-calling-malloc-to-uncompress-data.patch
+
+-------------------------------------------------------------------

New:
----
  elfutils-check-for-overflow-before-calling-malloc-to-uncompress-data.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ elfutils.spec ++++++
--- /var/tmp/diff_new_pack.buGaEd/_old  2014-04-22 07:42:55.000000000 +0200
+++ /var/tmp/diff_new_pack.buGaEd/_new  2014-04-22 07:42:55.000000000 +0200
@@ -34,6 +34,7 @@
 Patch6:         elfutils-0.137-dwarf-header-check-fix.diff
 Patch7:         elfutils-0.148-dont-crash.diff
 Patch8:         elfutils-revert-portability-scanf.patch
+Patch9:         
elfutils-check-for-overflow-before-calling-malloc-to-uncompress-data.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  bison
 BuildRequires:  flex
@@ -144,6 +145,7 @@
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1 -R
+%patch9 -p1
 
 %build
 # Change DATE/TIME macros to use last change time of elfutils.changes
@@ -213,7 +215,6 @@
 %defattr(-,root,root)
 %{_libdir}/libelf.so
 %{_libdir}/libelf.a
-#%{_libdir}/libelf_pic.a
 %{_includedir}/libelf.h
 %{_includedir}/gelf.h
 %{_includedir}/nlist.h
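Review bot: The removal of the commented-out "#%{_libdir}/libelf_pic.a" entry from the file list is unrelated to the CVE-2014-0172 fix and is not recorded in the elfutils.changes entry, which only mentions the new patch. Either add a changelog line for this cleanup or move it to a separate submission so the security update carries only the fix.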

++++++ elfutils-check-for-overflow-before-calling-malloc-to-uncompress-data.patch ++++++
From: Mark Wielaard <m...@redhat.com>
Subject: Check for overflow before calling malloc to uncompress data.
Date: Wed Apr 9 11:33:23 2014 +0200
Git-commit: 7f1eec317db79627b473c5b149a22a1b20d1f68f
References: CVE-2014-0172, bnc#872785
Signed-off-by: Tony Jones <to...@suse.de>

    CVE-2014-0172 Check for overflow before calling malloc to uncompress data.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1085663
    
    Reported-by: Florian Weimer <fwei...@redhat.com>
    Signed-off-by: Mark Wielaard <m...@redhat.com>

diff --git a/libdw/dwarf_begin_elf.c b/libdw/dwarf_begin_elf.c
index 79daeac..34ea373 100644
--- a/libdw/dwarf_begin_elf.c
+++ b/libdw/dwarf_begin_elf.c
@@ -1,5 +1,5 @@
 /* Create descriptor from ELF descriptor for processing file.
-   Copyright (C) 2002-2011 Red Hat, Inc.
+   Copyright (C) 2002-2011, 2014 Red Hat, Inc.
    This file is part of elfutils.
    Written by Ulrich Drepper <drep...@redhat.com>, 2002.
 
@@ -282,6 +282,12 @@ check_section (Dwarf *result, GElf_Ehdr *ehdr, Elf_Scn 
*scn, bool inscngrp)
            memcpy (&size, data->d_buf + 4, sizeof size);
            size = be64toh (size);
 
+           /* Check for unsigned overflow so malloc always allocated
+              enough memory for both the Elf_Data header and the
+              uncompressed section data.  */
+           if (unlikely (sizeof (Elf_Data) + size < size))
+             break;
+
            Elf_Data *zdata = malloc (sizeof (Elf_Data) + size);
            if (unlikely (zdata == NULL))
              break;
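Review bot: In the check added before malloc, "sizeof (Elf_Data) + size < size" only detects wrap-around in the type the sum is computed in. The declaration of size is outside this hunk, but the be64toh call suggests a 64-bit value. If that type is wider than size_t on some target, the sum can pass this test and still be truncated when it is converted for malloc, leaving the allocation smaller than the data to be uncompressed. Writing the test as "size > SIZE_MAX - sizeof (Elf_Data)" states the bound against what malloc can actually take. Minor: the comment should read "always allocates" rather than "always allocated".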