forked from pool/elfutils
Accepting request 230415 from Base:System
OBS-URL: https://build.opensuse.org/request/show/230415 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/elfutils?expand=0&rev=43
This commit is contained in:
commit
0c22e150da
@ -0,0 +1,38 @@
|
||||
From: Mark Wielaard <mjw@redhat.com>
|
||||
Subject: Check for overflow before calling malloc to uncompress data.
|
||||
Date: Wed Apr 9 11:33:23 2014 +0200
|
||||
Git-commit: 7f1eec317db79627b473c5b149a22a1b20d1f68f
|
||||
References: CVE-2014-0172, bnc#872785
|
||||
Signed-off-by: Tony Jones <tonyj@suse.de>
|
||||
|
||||
CVE-2014-0172 Check for overflow before calling malloc to uncompress data.
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1085663
|
||||
|
||||
Reported-by: Florian Weimer <fweimer@redhat.com>
|
||||
Signed-off-by: Mark Wielaard <mjw@redhat.com>
|
||||
|
||||
diff --git a/libdw/dwarf_begin_elf.c b/libdw/dwarf_begin_elf.c
|
||||
index 79daeac..34ea373 100644
|
||||
--- a/libdw/dwarf_begin_elf.c
|
||||
+++ b/libdw/dwarf_begin_elf.c
|
||||
@@ -1,5 +1,5 @@
|
||||
/* Create descriptor from ELF descriptor for processing file.
|
||||
- Copyright (C) 2002-2011 Red Hat, Inc.
|
||||
+ Copyright (C) 2002-2011, 2014 Red Hat, Inc.
|
||||
This file is part of elfutils.
|
||||
Written by Ulrich Drepper <drepper@redhat.com>, 2002.
|
||||
|
||||
@@ -282,6 +282,12 @@ check_section (Dwarf *result, GElf_Ehdr *ehdr, Elf_Scn *scn, bool inscngrp)
|
||||
memcpy (&size, data->d_buf + 4, sizeof size);
|
||||
size = be64toh (size);
|
||||
|
||||
+ /* Check for unsigned overflow so malloc always allocated
|
||||
+ enough memory for both the Elf_Data header and the
|
||||
+ uncompressed section data. */
|
||||
+ if (unlikely (sizeof (Elf_Data) + size < size))
|
||||
+ break;
|
||||
+
|
||||
Elf_Data *zdata = malloc (sizeof (Elf_Data) + size);
|
||||
if (unlikely (zdata == NULL))
|
||||
break;
|
@ -1,3 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Apr 15 18:56:25 UTC 2014 - tonyj@suse.com
|
||||
|
||||
- Fix integer overflow in check_section (CVE-2014-0172, bnc#872785)
|
||||
Add patch: elfutils-check-for-overflow-before-calling-malloc-to-uncompress-data.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Mar 22 17:19:48 UTC 2014 - jengelh@inai.de
|
||||
|
||||
|
@ -34,6 +34,7 @@ Patch5: elfutils-uninitialized.diff
|
||||
Patch6: elfutils-0.137-dwarf-header-check-fix.diff
|
||||
Patch7: elfutils-0.148-dont-crash.diff
|
||||
Patch8: elfutils-revert-portability-scanf.patch
|
||||
Patch9: elfutils-check-for-overflow-before-calling-malloc-to-uncompress-data.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
BuildRequires: bison
|
||||
BuildRequires: flex
|
||||
@ -144,6 +145,7 @@ to develop applications that require these.
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
%patch8 -p1 -R
|
||||
%patch9 -p1
|
||||
|
||||
%build
|
||||
# Change DATE/TIME macros to use last change time of elfutils.changes
|
||||
@ -213,7 +215,6 @@ ls -lR $RPM_BUILD_ROOT%{_libdir}/libelf*
|
||||
%defattr(-,root,root)
|
||||
%{_libdir}/libelf.so
|
||||
%{_libdir}/libelf.a
|
||||
#%{_libdir}/libelf_pic.a
|
||||
%{_includedir}/libelf.h
|
||||
%{_includedir}/gelf.h
|
||||
%{_includedir}/nlist.h
|
||||
|
Loading…
Reference in New Issue
Block a user