|
|
@@ -0,0 +1,33 @@
|
|
|
+From e17869db99195849826eaaf5d2d0eb2cfdd7a2a7 Mon Sep 17 00:00:00 2001
|
|
|
+From: Nick Clifton <nickc@redhat.com>
|
|
|
+Date: Mon, 5 Aug 2019 10:40:35 +0100
|
|
|
+Subject: [PATCH] Catch potential integer overflow in readelf when processing
|
|
|
+ corrupt binaries.
|
|
|
+
|
|
|
+ PR 24829
|
|
|
+ * readelf.c (apply_relocations): Catch potential integer overflow
|
|
|
+ whilst checking reloc location against section size.
|
|
|
+
|
|
|
+Upstream-Status: Backport
|
|
|
+https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e17869db99195849826eaaf5d2d0eb2cfdd7a2a7
|
|
|
+CVE: CVE-2019-14444
|
|
|
+Dropped changelog
|
|
|
+Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
|
+
|
|
|
+---
|
|
|
+ binutils/readelf.c | 2 +-
|
|
|
+ 2 files changed, 7 insertions(+), 1 deletion(-)
|
|
|
+
|
|
|
+Index: git/binutils/readelf.c
|
|
|
+===================================================================
|
|
|
+--- git.orig/binutils/readelf.c
|
|
|
++++ git/binutils/readelf.c
|
|
|
+@@ -13113,7 +13113,7 @@ apply_relocations (Filedata *
|
|
|
+ }
|
|
|
+
|
|
|
+ rloc = start + rp->r_offset;
|
|
|
+- if ((rloc + reloc_size) > end || (rloc < start))
|
|
|
++ if (rloc >= end || (rloc + reloc_size) > end || (rloc < start))
|
|
|
+ {
|
|
|
+ warn (_("skipping invalid relocation offset 0x%lx in section %s\n"),
|
|
|
+ (unsigned long) rp->r_offset,
|
Armin Kuster