Home Explore Help
Sign In
crispAudio
/
poky
mirror of git://git.yoctoproject.org/poky
5
0
Fork 0
Files Issues 0 Wiki
Tree: 2d699f84a3
Branches Tags
poky
/
meta
/
recipes-devtools
/
elfutils
/
files
/
CVE-2019-7664.patch

CVE-2019-7664.patch 2.2 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465 
  1. From 3ed05376e7b2c96c1d6eb24d2842cc25b79a4f07 Mon Sep 17 00:00:00 2001
    2. 

  2. From: Mark Wielaard <mark@klomp.org>
    3. 

  3. Date: Wed, 16 Jan 2019 12:25:57 +0100
    4. 

  4. Subject: [PATCH] CVE: CVE-2019-7664
    5. 

  5. 

  6. Upstream-Status: Backport
    7. 

  7. libelf: Correct overflow check in note_xlate.
    8. 

  8. 

  9. We want to make sure the note_len doesn't overflow and becomes shorter
    10. 

  10. than the note header. But the namesz and descsz checks got the note header
    11. 

  11. size wrong). Replace the wrong constant (8) with a sizeof cvt_Nhdr (12).
    12. 

  12. 

  13. https://sourceware.org/bugzilla/show_bug.cgi?id=24084
    14. 

  14. 

  15. Signed-off-by: Mark Wielaard <mark@klomp.org>
    16. 

  16. Signed-off-by: Ubuntu <lisa@shuagr-yocto-build.mdn4q2lr1oauhmizmzsslly3ad.xx.internal.cloudapp.net>
    17. 

  17. ---
    18. 

  18.  libelf/ChangeLog    | 13 +++++++++++++
    19. 

  19.  libelf/note_xlate.h |  4 ++--
    20. 

  20.  2 files changed, 15 insertions(+), 2 deletions(-)
    21. 

  21. 

  22. diff --git a/libelf/ChangeLog b/libelf/ChangeLog
    23. 

  23. index 68c4fbd..892e6e7 100644
    24. 

  24. --- a/libelf/ChangeLog
    25. 

  25. +++ b/libelf/ChangeLog
    26. 

  26. @@ -1,3 +1,16 @@
    27. 

  27. +<<<<<<< HEAD
    28. 

  28. +=======
    29. 

  29. +2019-01-16  Mark Wielaard  <mark@klomp.org>
    30. 

  30. +
    31. 

  31. +	* note_xlate.h (elf_cvt_note): Check n_namesz and n_descsz don't
    32. 

  32. +	overflow note_len into note header.
    33. 

  33. +
    34. 

  34. +2018-11-17  Mark Wielaard  <mark@klomp.org>
    35. 

  35. +
    36. 

  36. +	* elf32_updatefile.c (updatemmap): Make sure to call convert
    37. 

  37. +	function on a properly aligned destination.
    38. 

  38. +
    39. 

  39. +>>>>>>> e65d91d... libelf: Correct overflow check in note_xlate.
    40. 

  40.  2018-11-16  Mark Wielaard  <mark@klomp.org>
    41. 

  41.  
    42. 

  42.  	* libebl.h (__elf32_msize): Mark with const attribute.
    43. 

  43. diff --git a/libelf/note_xlate.h b/libelf/note_xlate.h
    44. 

  44. index 9bdc3e2..bc9950f 100644
    45. 

  45. --- a/libelf/note_xlate.h
    46. 

  46. +++ b/libelf/note_xlate.h
    47. 

  47. @@ -46,13 +46,13 @@ elf_cvt_note (void *dest, const void *src, size_t len, int encode,
    48. 

  48.        /* desc needs to be aligned.  */
    49. 

  49.        note_len += n->n_namesz;
    50. 

  50.        note_len = nhdr8 ? NOTE_ALIGN8 (note_len) : NOTE_ALIGN4 (note_len);
    51. 

  51. -      if (note_len > len || note_len < 8)
    52. 

  52. +      if (note_len > len || note_len < sizeof *n)
    53. 

  53.  	break;
    54. 

  54.  
    55. 

  55.        /* data as a whole needs to be aligned.  */
    56. 

  56.        note_len += n->n_descsz;
    57. 

  57.        note_len = nhdr8 ? NOTE_ALIGN8 (note_len) : NOTE_ALIGN4 (note_len);
    58. 

  58. -      if (note_len > len || note_len < 8)
    59. 

  59. +      if (note_len > len || note_len < sizeof *n)
    60. 

  60.  	break;
    61. 

  61.  
    62. 

  62.        /* Copy or skip the note data.  */
    63. 

  63. -- 
    64. 

  64. 2.7.4
    65. 

  65.