From 0a29ea8a1e1a794d19ba9f23ccc2836379419e18 Mon Sep 17 00:00:00 2001 From: Max Rees Date: Thu, 1 Aug 2019 03:15:42 -0500 Subject: system/binutils: patch multiple CVEs (#116) --- system/binutils/CVE-2019-12972.patch | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 system/binutils/CVE-2019-12972.patch (limited to 'system/binutils/CVE-2019-12972.patch') diff --git a/system/binutils/CVE-2019-12972.patch b/system/binutils/CVE-2019-12972.patch new file mode 100644 index 000000000..82b41c014 --- /dev/null +++ b/system/binutils/CVE-2019-12972.patch @@ -0,0 +1,33 @@ +From 890f750a3b053532a4b839a2dd6243076de12031 Mon Sep 17 00:00:00 2001 +From: Alan Modra +Date: Fri, 21 Jun 2019 11:51:38 +0930 +Subject: [PATCH] PR24689, string table corruption + +The testcase in the PR had a e_shstrndx section of type SHT_GROUP. +hdr->contents were initialized by setup_group rather than being read +from the file, thus last byte was not zero and string dereference ran +off the end of the buffer. + + PR 24689 + * elfcode.h (elf_object_p): Check type of e_shstrndx section. +--- + bfd/elfcode.h | 3 ++- + 2 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/bfd/elfcode.h b/bfd/elfcode.h +index a0487b0..5180f79 100644 +--- a/bfd/elfcode.h ++++ b/bfd/elfcode.h +@@ -754,7 +754,8 @@ elf_object_p (bfd *abfd) + /* A further sanity check. */ + if (i_ehdrp->e_shnum != 0) + { +- if (i_ehdrp->e_shstrndx >= elf_numsections (abfd)) ++ if (i_ehdrp->e_shstrndx >= elf_numsections (abfd) ++ || i_shdrp[i_ehdrp->e_shstrndx].sh_type != SHT_STRTAB) + { + /* PR 2257: + We used to just goto got_wrong_format_error here +-- +2.9.3 + -- cgit v1.2.3-60-g2f50