From 334b3c811a13103b2d342e7b7e1bc26f0de36234 Mon Sep 17 00:00:00 2001
From: Nick Clifton
Date: Fri, 3 Mar 2023 12:17:46 +0000
Subject: [PATCH] Fix a potential seg-fault when dumping a corrupt ELF format file.
Resolves: #2174205
---
 binutils-CVE-2023-25587.patch | 34 ++++++++++++++++++++++++++++++++++
 binutils.spec | 10 +++++++++-
 2 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 binutils-CVE-2023-25587.patch
diff --git a/binutils-CVE-2023-25587.patch b/binutils-CVE-2023-25587.patch
new file mode 100644
index 0000000..ff60141
--- /dev/null
+++ b/binutils-CVE-2023-25587.patch
@@ -0,0 +1,34 @@
+--- binutils.orig/binutils/objdump.c 2023-03-03 11:37:39.209614222 +0000
++++ binutils-2.35.2/binutils/objdump.c 2023-03-03 11:39:45.492428807 +0000
+@@ -1090,20 +1090,19 @@ compare_symbols (const void *ap, const v
+ return 1;
+ }
+
+- if (bfd_get_flavour (bfd_asymbol_bfd (a)) == bfd_target_elf_flavour
++ /* Sort larger size ELF symbols before smaller. See PR20337. */
++ bfd_vma asz = 0;
++ if ((a->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0
++ && bfd_get_flavour (bfd_asymbol_bfd (a)) == bfd_target_elf_flavour)
++ asz = ((elf_symbol_type *) a)->internal_elf_sym.st_size;
++
++ bfd_vma bsz = 0;
++ if ((b->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0
+ && bfd_get_flavour (bfd_asymbol_bfd (b)) == bfd_target_elf_flavour)
+- {
+- bfd_vma asz, bsz;
++ bsz = ((elf_symbol_type *) b)->internal_elf_sym.st_size;
+
+- asz = 0;
+- if ((a->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0)
+- asz = ((elf_symbol_type *) a)->internal_elf_sym.st_size;
+- bsz = 0;
+- if ((b->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0)
+- bsz = ((elf_symbol_type *) b)->internal_elf_sym.st_size;
+- if (asz != bsz)
+- return asz > bsz ? -1 : 1;
+- }
++ if (asz != bsz)
++ return asz > bsz ? -1 : 1;
+
+ /* Symbols that start with '.' might be section names, so sort them
+ after symbols that don't start with '.'. */
diff --git a/binutils.spec b/binutils.spec
index f06db4f..218d159 100644
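Review bot: In the objdump.c hunk carried by binutils-CVE-2023-25587.patch, the new `asz`/`bsz` guards depend on operand order: the `BSF_SECTION_SYM | BSF_SYNTHETIC` flag test now runs before `bfd_get_flavour (bfd_asymbol_bfd (a))`, whereas the removed code called `bfd_get_flavour` on both symbols unconditionally. Presumably that ordering is what avoids the crash on corrupt input (a section or synthetic symbol whose owning BFD cannot be safely queried), but the only comment added is the PR20337 sort note, so a later tidy-up could swap the operands back without noticing. I would extend the comment with something like `/* Test the flags first so that section and synthetic symbols never reach bfd_get_flavour or the elf_symbol_type cast. */`. A size is also now computed per symbol, so an ELF symbol compared against a non-ELF one is ordered by its size against 0, where the old code skipped the size comparison unless both were ELF; it is worth confirming that is intended. compare_symbols starts and ends outside the hunk.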
--- a/binutils.spec +++ b/binutils.spec @@ -2,7 +2,7 @@ Summary: A GNU collection of binary utilities Name: binutils%{?_with_debug:-debug} Version: 2.35.2 -Release: 37%{?dist} +Release: 38%{?dist} License: GPLv3+ URL: https://sourceware.org/binutils @@ -424,6 +424,11 @@ Patch61: binutils-increase-the-max-number-of-open-fi.patch # Purpose: Remove a comment from bfd_stdint.h, indicating how the file was generated. # Lifetime: Fixed in 2.39 ? Patch62: binutils-no-comment-in-bfd-stdint.patch + +# Purpose: Fix a potential seg-fault when dumping corrupt ELF files. +# Lifetime: Fixed in 2.40 +Patch63: binutils-CVE-2023-25587.patch + #---------------------------------------------------------------------------- Provides: bundled(libiberty) @@ -1264,6 +1269,9 @@ exit 0 #---------------------------------------------------------------------------- %changelog +* Fri Mar 03 2023 Nick Clifton - 2.35.2-38 +- Fix a potential seg-fault when dumping a corrupt ELF format file. (#2174205) + * Fri Jan 20 2023 Nick Clifton - 2.35.2-37 - Stop the cross binaries from leaking into the native packages.