* [PATCH v2] binutils : Fix CVE-2022-4285
@ 2022-12-21 18:00 Yash Shinde
2022-12-21 21:01 ` [OE-core] " Alexandre Belloni
0 siblings, 1 reply; 4+ messages in thread
From: Yash Shinde @ 2022-12-21 18:00 UTC (permalink / raw)
To: openembedded-core; +Cc: Yash.Shinde
From: Yash Shinde <Yash.Shinde@windriver.com>
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70]
Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
---
.../binutils/binutils-2.39.inc | 1 +
.../binutils/0015-CVE-2022-4285.patch | 36 +++++++++++++++++++
2 files changed, 37 insertions(+)
create mode 100644 meta/recipes-devtools/binutils/binutils/0015-CVE-2022-4285.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.39.inc b/meta/recipes-devtools/binutils/binutils-2.39.inc
index b040e57037..419571d56c 100644
--- a/meta/recipes-devtools/binutils/binutils-2.39.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.39.inc
@@ -35,6 +35,7 @@ SRC_URI = "\
file://0014-CVE-2022-38128-1.patch \
file://0014-CVE-2022-38128-2.patch \
file://0014-CVE-2022-38128-3.patch \
+ file://0015-CVE-2022-4285.patch \
"
S = "${WORKDIR}/git"
# Already in 2.39 branch
diff --git a/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-4285.patch b/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-4285.patch
new file mode 100644
index 0000000000..5ff5290334
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-4285.patch
@@ -0,0 +1,36 @@
+From 5c831a3c7f3ca98d6aba1200353311e1a1f84c70 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 19 Oct 2022 15:09:12 +0100
+Subject: [PATCH] Fix an illegal memory access when parsing an ELF file
+ containing corrupt symbol version information.
+
+ PR 29699
+ * elf.c (_bfd_elf_slurp_version_tables): Fail if the sh_info field
+ of the section header is zero.
+
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70]
+CVE: CVE-2022-4285
+
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/elf.c | 4 +++-
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/elf.c b/bfd/elf.c
+index fe00e0f9189..7cd7febcf95 100644
+--- a/bfd/elf.c
++++ b/bfd/elf.c
+@@ -8918,7 +8918,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver)
+ bfd_set_error (bfd_error_file_too_big);
+ goto error_return_verref;
+ }
+- elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_alloc (abfd, amt);
++ if (amt == 0)
++ goto error_return_verref;
++ elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_zalloc (abfd, amt);
+ if (elf_tdata (abfd)->verref == NULL)
+ goto error_return_verref;
+
+--
+2.31.1
+
--
2.25.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [OE-core] [PATCH v2] binutils : Fix CVE-2022-4285
2022-12-21 18:00 [PATCH v2] binutils : Fix CVE-2022-4285 Yash Shinde
@ 2022-12-21 21:01 ` Alexandre Belloni
2022-12-22 5:06 ` Yash Shinde
0 siblings, 1 reply; 4+ messages in thread
From: Alexandre Belloni @ 2022-12-21 21:01 UTC (permalink / raw)
To: Yash Shinde; +Cc: openembedded-core, Yash.Shinde
This is already fixed upstream:
https://git.openembedded.org/openembedded-core/commit/?id=b6b750f8e41a392ff92d9118ef7530ada20d06fe
On 21/12/2022 23:30:09+0530, Yash Shinde wrote:
> From: Yash Shinde <Yash.Shinde@windriver.com>
>
> Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70]
>
> Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
> ---
> .../binutils/binutils-2.39.inc | 1 +
> .../binutils/0015-CVE-2022-4285.patch | 36 +++++++++++++++++++
> 2 files changed, 37 insertions(+)
> create mode 100644 meta/recipes-devtools/binutils/binutils/0015-CVE-2022-4285.patch
>
> diff --git a/meta/recipes-devtools/binutils/binutils-2.39.inc b/meta/recipes-devtools/binutils/binutils-2.39.inc
> index b040e57037..419571d56c 100644
> --- a/meta/recipes-devtools/binutils/binutils-2.39.inc
> +++ b/meta/recipes-devtools/binutils/binutils-2.39.inc
> @@ -35,6 +35,7 @@ SRC_URI = "\
> file://0014-CVE-2022-38128-1.patch \
> file://0014-CVE-2022-38128-2.patch \
> file://0014-CVE-2022-38128-3.patch \
> + file://0015-CVE-2022-4285.patch \
> "
> S = "${WORKDIR}/git"
> # Already in 2.39 branch
> diff --git a/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-4285.patch b/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-4285.patch
> new file mode 100644
> index 0000000000..5ff5290334
> --- /dev/null
> +++ b/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-4285.patch
> @@ -0,0 +1,36 @@
> +From 5c831a3c7f3ca98d6aba1200353311e1a1f84c70 Mon Sep 17 00:00:00 2001
> +From: Nick Clifton <nickc@redhat.com>
> +Date: Wed, 19 Oct 2022 15:09:12 +0100
> +Subject: [PATCH] Fix an illegal memory access when parsing an ELF file
> + containing corrupt symbol version information.
> +
> + PR 29699
> + * elf.c (_bfd_elf_slurp_version_tables): Fail if the sh_info field
> + of the section header is zero.
> +
> +Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70]
> +CVE: CVE-2022-4285
> +
> +---
> + bfd/ChangeLog | 6 ++++++
> + bfd/elf.c | 4 +++-
> + 2 files changed, 9 insertions(+), 1 deletion(-)
> +
> +diff --git a/bfd/elf.c b/bfd/elf.c
> +index fe00e0f9189..7cd7febcf95 100644
> +--- a/bfd/elf.c
> ++++ b/bfd/elf.c
> +@@ -8918,7 +8918,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver)
> + bfd_set_error (bfd_error_file_too_big);
> + goto error_return_verref;
> + }
> +- elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_alloc (abfd, amt);
> ++ if (amt == 0)
> ++ goto error_return_verref;
> ++ elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_zalloc (abfd, amt);
> + if (elf_tdata (abfd)->verref == NULL)
> + goto error_return_verref;
> +
> +--
> +2.31.1
> +
> --
> 2.25.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#174935): https://lists.openembedded.org/g/openembedded-core/message/174935
> Mute This Topic: https://lists.openembedded.org/mt/95811724/3617179
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alexandre.belloni@bootlin.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
--
Alexandre Belloni, co-owner and COO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH v2] binutils : Fix CVE-2022-4285
2022-12-21 21:01 ` [OE-core] " Alexandre Belloni
@ 2022-12-22 5:06 ` Yash Shinde
2022-12-22 13:16 ` [OE-core] " Alexandre Belloni
0 siblings, 1 reply; 4+ messages in thread
From: Yash Shinde @ 2022-12-22 5:06 UTC (permalink / raw)
To: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 90 bytes --]
Some updates were needed in the patch. So, posted a version 2 of it.
Regards,
Yash
[-- Attachment #2: Type: text/html, Size: 122 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [OE-core] [PATCH v2] binutils : Fix CVE-2022-4285
2022-12-22 5:06 ` Yash Shinde
@ 2022-12-22 13:16 ` Alexandre Belloni
0 siblings, 0 replies; 4+ messages in thread
From: Alexandre Belloni @ 2022-12-22 13:16 UTC (permalink / raw)
To: Yash Shinde; +Cc: openembedded-core
On 21/12/2022 21:06:11-0800, Yash Shinde wrote:
> Some updates were needed in the patch. So, posted a version 2 of it.
>
I understand that but in the meantime, your colleague submitted a proper
patch and it has already been applied on master.
> Regards,
>
> Yash
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#174954): https://lists.openembedded.org/g/openembedded-core/message/174954
> Mute This Topic: https://lists.openembedded.org/mt/95811724/3617179
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alexandre.belloni@bootlin.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
--
Alexandre Belloni, co-owner and COO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-12-22 13:17 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-12-21 18:00 [PATCH v2] binutils : Fix CVE-2022-4285 Yash Shinde
2022-12-21 21:01 ` [OE-core] " Alexandre Belloni
2022-12-22 5:06 ` Yash Shinde
2022-12-22 13:16 ` [OE-core] " Alexandre Belloni
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox