* [kirkstone][PATCH V2] binutils: Fix CVE-2022-47008
@ 2023-09-06 9:25 Deepthi Hemraj
2023-09-08 14:15 ` [OE-core] " Steve Sakoman
0 siblings, 1 reply; 3+ messages in thread
From: Deepthi Hemraj @ 2023-09-06 9:25 UTC (permalink / raw)
To: openembedded-core
Cc: Randy.MacLeod, Umesh.Kalappa, Naveen.Gowda,
Shivaprasad.Moodalappa, Sundeep.Kokkonda
Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
---
.../binutils/binutils-2.38.inc | 1 +
.../binutils/0027-CVE-2022-47008.patch | 67 +++++++++++++++++++
2 files changed, 68 insertions(+)
create mode 100644 meta/recipes-devtools/binutils/binutils/0027-CVE-2022-47008.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc
index 5c3ff3d93a..9bcf7ad4f5 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -56,5 +56,6 @@ SRC_URI = "\
file://0023-CVE-2023-25585.patch \
file://0026-CVE-2023-1972.patch \
file://0025-CVE-2023-25588.patch \
+ file://0027-CVE-2022-47008.patch \
"
S = "${WORKDIR}/git"
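Review bot: The new entry lands on the last line of SRC_URI, after 0025, while 0026 is already listed ahead of 0025, so the file numbers no longer match the order in the list, and any other pending binutils patch that appends at this spot will not apply on top of this one. Suggest generating the binutils CVE fixes as one series, each patch made against the previous one, and keeping the numeric prefix in step with the position in SRC_URI.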
diff --git a/meta/recipes-devtools/binutils/binutils/0027-CVE-2022-47008.patch b/meta/recipes-devtools/binutils/binutils/0027-CVE-2022-47008.patch
new file mode 100644
index 0000000000..a3fff65409
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0027-CVE-2022-47008.patch
@@ -0,0 +1,67 @@
+From: Alan Modra <amodra@gmail.com>
+Date: Thu, 16 Jun 2022 23:43:38 +0000 (+0930)
+Subject: PR29255, memory leak in make_tempdir
+X-Git-Tag: binutils-2_39~236
+X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=d6e1d48c83b165c129cb0aa78905f7ca80a1f682
+
+PR29255, memory leak in make_tempdir
+
+ PR 29255
+ * bucomm.c (make_tempdir, make_tempname): Free template on all
+ failure paths.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=d6e1d48c83b165c129cb0aa78905f7ca80a1f682]
+
+CVE: CVE-2022-47008
+
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+
+---
+
+diff --git a/binutils/bucomm.c b/binutils/bucomm.c
+index fdc2209df9c..4395cb9f7f5 100644
+--- a/binutils/bucomm.c
++++ b/binutils/bucomm.c
+@@ -537,8 +537,9 @@ make_tempname (const char *filename, int *ofd)
+ #else
+ tmpname = mktemp (tmpname);
+ if (tmpname == NULL)
+- return NULL;
+- fd = open (tmpname, O_RDWR | O_CREAT | O_EXCL, 0600);
++ fd = -1;
++ else
++ fd = open (tmpname, O_RDWR | O_CREAT | O_EXCL, 0600);
+ #endif
+ if (fd == -1)
+ {
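Review bot: In the mktemp branch of make_tempname, "tmpname = mktemp (tmpname);" overwrites the only pointer to the template, so when mktemp returns NULL the new "fd = -1" path reaches the "if (fd == -1)" block with tmpname already NULL and the original buffer can no longer be freed there. The make_tempdir hunk avoids this by keeping the result in a separate "ret"; the same approach here would make "Free template on all failure paths" hold for this branch as well. If the backport has to stay identical to upstream, say so in the patch header.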
+@@ -556,22 +557,23 @@ char *
+ make_tempdir (const char *filename)
+ {
+ char *tmpname = template_in_dir (filename);
++ char *ret;
+
+ #ifdef HAVE_MKDTEMP
+- return mkdtemp (tmpname);
++ ret = mkdtemp (tmpname);
+ #else
+- tmpname = mktemp (tmpname);
+- if (tmpname == NULL)
+- return NULL;
++ ret = mktemp (tmpname);
+ #if defined (_WIN32) && !defined (__CYGWIN32__)
+ if (mkdir (tmpname) != 0)
+- return NULL;
++ ret = NULL;
+ #else
+ if (mkdir (tmpname, 0700) != 0)
+- return NULL;
++ ret = NULL;
+ #endif
+- return tmpname;
+ #endif
++ if (ret == NULL)
++ free (tmpname);
++ return ret;
+ }
+
+ /* Parse a string into a VMA, with a fatal error if it can't be
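Review bot: In the non-HAVE_MKDTEMP branch of make_tempdir, mkdir (tmpname, ...) now runs even when "ret = mktemp (tmpname);" returned NULL, where the old code returned early. If that mkdir succeeds, ret is still NULL, so the function frees tmpname and returns NULL while leaving the directory it just created on disk. Suggest only calling mkdir when ret is non-NULL, for example "if (ret != NULL && mkdir (tmpname, 0700) != 0)", and likewise for the _WIN32 variant.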
--
2.39.0
* Re: [OE-core] [kirkstone][PATCH V2] binutils: Fix CVE-2022-47008
2023-09-06 9:25 [kirkstone][PATCH V2] binutils: Fix CVE-2022-47008 Deepthi Hemraj
@ 2023-09-08 14:15 ` Steve Sakoman
2023-10-16 11:35 ` Deepthi.Hemraj
0 siblings, 1 reply; 3+ messages in thread
From: Steve Sakoman @ 2023-09-08 14:15 UTC (permalink / raw)
To: Deepthi.Hemraj
Cc: openembedded-core, Randy.MacLeod, Umesh.Kalappa, Naveen.Gowda,
Shivaprasad.Moodalappa, Sundeep.Kokkonda
Hi Deepthi,
Could you please submit V3 as a patch series? No ordering
works as is, the second patch in a series for the same recipe must
take the first into account.
Steve
On Tue, Sep 5, 2023 at 11:25 PM Hemraj, Deepthi via
lists.openembedded.org
<Deepthi.Hemraj=windriver.com@lists.openembedded.org> wrote:
>
> Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
> ---
> .../binutils/binutils-2.38.inc | 1 +
> .../binutils/0027-CVE-2022-47008.patch | 67 +++++++++++++++++++
> 2 files changed, 68 insertions(+)
> create mode 100644 meta/recipes-devtools/binutils/binutils/0027-CVE-2022-47008.patch
>
> diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc
> index 5c3ff3d93a..9bcf7ad4f5 100644
> --- a/meta/recipes-devtools/binutils/binutils-2.38.inc
> +++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
> @@ -56,5 +56,6 @@ SRC_URI = "\
> file://0023-CVE-2023-25585.patch \
> file://0026-CVE-2023-1972.patch \
> file://0025-CVE-2023-25588.patch \
> + file://0027-CVE-2022-47008.patch \
> "
> S = "${WORKDIR}/git"
> diff --git a/meta/recipes-devtools/binutils/binutils/0027-CVE-2022-47008.patch b/meta/recipes-devtools/binutils/binutils/0027-CVE-2022-47008.patch
> new file mode 100644
> index 0000000000..a3fff65409
> --- /dev/null
> +++ b/meta/recipes-devtools/binutils/binutils/0027-CVE-2022-47008.patch
> @@ -0,0 +1,67 @@
> +From: Alan Modra <amodra@gmail.com>
> +Date: Thu, 16 Jun 2022 23:43:38 +0000 (+0930)
> +Subject: PR29255, memory leak in make_tempdir
> +X-Git-Tag: binutils-2_39~236
> +X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=d6e1d48c83b165c129cb0aa78905f7ca80a1f682
> +
> +PR29255, memory leak in make_tempdir
> +
> + PR 29255
> + * bucomm.c (make_tempdir, make_tempname): Free template on all
> + failure paths.
> +
> +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=d6e1d48c83b165c129cb0aa78905f7ca80a1f682]
> +
> +CVE: CVE-2022-47008
> +
> +Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
> +
> +---
> +
> +diff --git a/binutils/bucomm.c b/binutils/bucomm.c
> +index fdc2209df9c..4395cb9f7f5 100644
> +--- a/binutils/bucomm.c
> ++++ b/binutils/bucomm.c
> +@@ -537,8 +537,9 @@ make_tempname (const char *filename, int *ofd)
> + #else
> + tmpname = mktemp (tmpname);
> + if (tmpname == NULL)
> +- return NULL;
> +- fd = open (tmpname, O_RDWR | O_CREAT | O_EXCL, 0600);
> ++ fd = -1;
> ++ else
> ++ fd = open (tmpname, O_RDWR | O_CREAT | O_EXCL, 0600);
> + #endif
> + if (fd == -1)
> + {
> +@@ -556,22 +557,23 @@ char *
> + make_tempdir (const char *filename)
> + {
> + char *tmpname = template_in_dir (filename);
> ++ char *ret;
> +
> + #ifdef HAVE_MKDTEMP
> +- return mkdtemp (tmpname);
> ++ ret = mkdtemp (tmpname);
> + #else
> +- tmpname = mktemp (tmpname);
> +- if (tmpname == NULL)
> +- return NULL;
> ++ ret = mktemp (tmpname);
> + #if defined (_WIN32) && !defined (__CYGWIN32__)
> + if (mkdir (tmpname) != 0)
> +- return NULL;
> ++ ret = NULL;
> + #else
> + if (mkdir (tmpname, 0700) != 0)
> +- return NULL;
> ++ ret = NULL;
> + #endif
> +- return tmpname;
> + #endif
> ++ if (ret == NULL)
> ++ free (tmpname);
> ++ return ret;
> + }
> +
> + /* Parse a string into a VMA, with a fatal error if it can't be
> --
> 2.39.0
* Re: [kirkstone][PATCH V2] binutils: Fix CVE-2022-47008
2023-09-08 14:15 ` [OE-core] " Steve Sakoman
@ 2023-10-16 11:35 ` Deepthi.Hemraj
0 siblings, 0 replies; 3+ messages in thread
From: Deepthi.Hemraj @ 2023-10-16 11:35 UTC (permalink / raw)
To: openembedded-core
Hi Steve,
I have submitted V3 as a patch series for both CVE-2022-47008 and CVE-2022-47011.
https://lists.openembedded.org/g/openembedded-core/topic/kirkstone_patch_v3_1_2/101993403?p=,,,20,0,0,0::recentpostdate/sticky,,,20,2,0,101993403,previd%3D1697455830547490847,nextid%3D1697438547278672189&previd=1697455830547490847&nextid=1697438547278672189