packages/binutils
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!62 fix CVE-2021-3487

Browse Source 
From: @liquor1
Reviewed-by: @overweight
Signed-off-by: @overweight
This commit is contained in:
openeuler-ci-bot 2021-04-23 16:27:57 +08:00 committed by Gitee
commit 6dd9a322c5
2 changed files with 84 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
backport-CVE-2021-3487.patch Normal file
View File

@ -0,0 +1,76 @@
From 647cebce12a6b0a26960220caff96ff38978cf24 Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Thu, 26 Nov 2020 17:08:33 +0000
Subject: [PATCH] Prevent a memory allocation failure when parsing corrupt
DWARF debug sections.
PR 26946
* dwarf2.c (read_section): Check for debug sections with excessive
sizes.
---
bfd/ChangeLog | 6 ++++++
bfd/dwarf2.c | 25 +++++++++++++++++++------
2 files changed, 25 insertions(+), 6 deletions(-)
diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
index 977bf43..8bbfc81 100644
--- a/bfd/dwarf2.c
+++ b/bfd/dwarf2.c
@@ -531,22 +531,24 @@ read_section (bfd * abfd,
bfd_byte ** section_buffer,
bfd_size_type * section_size)
{
- asection *msec;
const char *section_name = sec->uncompressed_name;
bfd_byte *contents = *section_buffer;
- bfd_size_type amt;
/* The section may have already been read. */
if (contents == NULL)
{
+ bfd_size_type amt;
+ asection *msec;
+ ufile_ptr filesize;
+
msec = bfd_get_section_by_name (abfd, section_name);
- if (! msec)
+ if (msec == NULL)
{
section_name = sec->compressed_name;
if (section_name != NULL)
msec = bfd_get_section_by_name (abfd, section_name);
}
- if (! msec)
+ if (msec == NULL)
{
_bfd_error_handler (_("DWARF error: can't find %s section."),
sec->uncompressed_name);
@@ -554,12 +556,23 @@ read_section (bfd * abfd,
return FALSE;
}
- *section_size = msec->rawsize ? msec->rawsize : msec->size;
+ amt = bfd_get_section_limit_octets (abfd, msec);
+ filesize = bfd_get_file_size (abfd);
+ if (amt >= filesize)
+ {
+ /* PR 26946 */
+ _bfd_error_handler (_("DWARF error: section %s is larger than its filesize! (0x%lx vs 0x%lx)"),
+ section_name, (long) amt, (long) filesize);
+ bfd_set_error (bfd_error_bad_value);
+ return FALSE;
+ }
+ *section_size = amt;
/* Paranoia - alloc one extra so that we can make sure a string
section is NUL terminated. */
- amt = *section_size + 1;
+ amt += 1;
if (amt == 0)
{
+ /* Paranoia - this should never happen. */
bfd_set_error (bfd_error_no_memory);
return FALSE;
}
--
1.8.3.1

9
binutils.spec
View File

@ -1,7 +1,7 @@
Summary: Binary utilities
Name: binutils
Version: 2.34
Release: 11
Release: 12
License: GPLv3+
URL: https://sourceware.org/binutils
@ -49,6 +49,7 @@ Patch24: backport-0002-CVE-2021-20197.patch
Patch25: backport-0003-CVE-2021-20197.patch
Patch26: backport-Fix-a-build-problem-when-using-FreeBSD-12.patch
Patch27: backport-0004-CVE-2021-20197.patch
Patch28: backport-CVE-2021-3487.patch
Provides: bundled(libiberty)
@ -361,6 +362,12 @@ fi
%{_infodir}/bfd*info*
%changelog
* Fri Apr 23 2021 lirui <lirui130@huawei.com> - 2.34-12
- Type:CVE
- ID:NA
- SUG:NA
- DESC:fix CVE-2021-3487
* Fri Apr 16 2021 lirui <lirui130@huawei.com> - 2.34-11
- Type:CVE
- ID:NA