|
|
@@ -0,0 +1,39 @@
|
|
|
+From 890f750a3b053532a4b839a2dd6243076de12031 Mon Sep 17 00:00:00 2001
|
|
|
+From: Alan Modra <amodra@gmail.com>
|
|
|
+Date: Fri, 21 Jun 2019 11:51:38 +0930
|
|
|
+Subject: [PATCH] PR24689, string table corruption
|
|
|
+
|
|
|
+The testcase in the PR had a e_shstrndx section of type SHT_GROUP.
|
|
|
+hdr->contents were initialized by setup_group rather than being read
|
|
|
+from the file, thus last byte was not zero and string dereference ran
|
|
|
+off the end of the buffer.
|
|
|
+
|
|
|
+ PR 24689
|
|
|
+ * elfcode.h (elf_object_p): Check type of e_shstrndx section.
|
|
|
+
|
|
|
+Upstream-Status: Backport
|
|
|
+https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=890f750a3b053532a4b839a2dd6243076de12031
|
|
|
+
|
|
|
+CVE: CVE-2019-12972
|
|
|
+Affects: <= 2.23.0
|
|
|
+Dropped Changelog
|
|
|
+Signed-off-by Armin Kuster <akuster@mvista.com>
|
|
|
+---
|
|
|
+ bfd/ChangeLog | 5 +++++
|
|
|
+ bfd/elfcode.h | 3 ++-
|
|
|
+ 2 files changed, 7 insertions(+), 1 deletion(-)
|
|
|
+
|
|
|
+Index: git/bfd/elfcode.h
|
|
|
+===================================================================
|
|
|
+--- git.orig/bfd/elfcode.h
|
|
|
++++ git/bfd/elfcode.h
|
|
|
+@@ -747,7 +747,8 @@ elf_object_p (bfd *abfd)
|
|
|
+ /* A further sanity check. */
|
|
|
+ if (i_ehdrp->e_shnum != 0)
|
|
|
+ {
|
|
|
+- if (i_ehdrp->e_shstrndx >= elf_numsections (abfd))
|
|
|
++ if (i_ehdrp->e_shstrndx >= elf_numsections (abfd)
|
|
|
++ || i_shdrp[i_ehdrp->e_shstrndx].sh_type != SHT_STRTAB)
|
|
|
+ {
|
|
|
+ /* PR 2257:
|
|
|
+ We used to just goto got_wrong_format_error here
|
Armin Kuster