rpms/binutils
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix a potential illegal memory access when linking a corrupt input file.

Browse Source 
Resolves: RHEL-126877
This commit is contained in:
Nick Clifton 2025-11-10 13:53:03 +00:00
parent 4354f08963
commit ae50fe724f
2 changed files with 80 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
binutils-CVE-2025-11083.patch Normal file
View File

@ -0,0 +1,71 @@
From 9ca499644a21ceb3f946d1c179c38a83be084490 Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Thu, 18 Sep 2025 16:59:25 -0700
Subject: [PATCH] elf: Don't match corrupt section header in linker input
Don't swap in nor match corrupt section header in linker input to avoid
linker crash later.
PR ld/33457
* elfcode.h (elf_swap_shdr_in): Changed to return bool. Return
false for corrupt section header in linker input.
(elf_object_p): Reject if elf_swap_shdr_in returns false.
Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
---
bfd/elfcode.h | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
--- binutils-2.41.orig/bfd/elfcode.h 2025-11-10 13:05:26.741890763 +0000
+++ binutils-2.41/bfd/elfcode.h 2025-11-10 13:07:45.446523690 +0000
@@ -311,7 +311,7 @@ elf_swap_ehdr_out (bfd *abfd,
/* Translate an ELF section header table entry in external format into an
ELF section header table entry in internal format. */
-static void
+static bool
elf_swap_shdr_in (bfd *abfd,
const Elf_External_Shdr *src,
Elf_Internal_Shdr *dst)
@@ -341,6 +341,9 @@ elf_swap_shdr_in (bfd *abfd,
{
_bfd_error_handler (_("warning: %pB has a section "
"extending past end of file"), abfd);
+ /* PR ld/33457: Don't match corrupt section header. */
+ if (abfd->is_linker_input)
+ return false;
abfd->read_only = 1;
}
}
@@ -350,6 +353,7 @@ elf_swap_shdr_in (bfd *abfd,
dst->sh_entsize = H_GET_WORD (abfd, src->sh_entsize);
dst->bfd_section = NULL;
dst->contents = NULL;
+ return true;
}
/* Translate an ELF section header table entry in internal format into an
@@ -642,9 +646,9 @@ elf_object_p (bfd *abfd)
/* Read the first section header at index 0, and convert to internal
form. */
- if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr))
+ if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr)
+ || !elf_swap_shdr_in (abfd, &x_shdr, &i_shdr))
goto got_no_match;
- elf_swap_shdr_in (abfd, &x_shdr, &i_shdr);
/* If the section count is zero, the actual count is in the first
section header. */
@@ -730,9 +734,9 @@ elf_object_p (bfd *abfd)
to internal form. */
for (shindex = 1; shindex < i_ehdrp->e_shnum; shindex++)
{
- if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr))
+ if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr)
+ || !elf_swap_shdr_in (abfd, &x_shdr, i_shdrp + shindex))
goto got_no_match;
- elf_swap_shdr_in (abfd, &x_shdr, i_shdrp + shindex);
/* Sanity check sh_link and sh_info. */
if (i_shdrp[shindex].sh_link >= num_sec)

10
binutils.spec
View File

@ -2,7 +2,7 @@
Summary: A GNU collection of binary utilities
Name: binutils%{?_with_debug:-debug}
Version: 2.41
Release: 59%{?dist}
Release: 60%{?dist}
License: GPL-3.0-or-later AND (GPL-3.0-or-later WITH Bison-exception-2.2) AND (LGPL-2.0-or-later WITH GCC-exception-2.0) AND BSD-3-Clause AND GFDL-1.3-or-later AND GPL-2.0-or-later AND LGPL-2.1-or-later AND LGPL-2.0-or-later
URL: https://sourceware.org/binutils
@ -392,6 +392,11 @@ Patch62: binutils-CVE-2025-5244.patch
# Lifetime: Fixed in 2.46
Patch63: binutils-CVE-2025-11082.patch
# Purpose: Stops a potential illegal memory access when linking a corrupt
# input file. PR 33457
# Lifetime: Fixed in 2.46
Patch64: binutils-CVE-2025-11083.patch
#----------------------------------------------------------------------------
# Purpose: Suppress the x86 linker's p_align-1 tests due to kernel bug on CentOS-10
@ -1431,6 +1436,9 @@ exit 0
#----------------------------------------------------------------------------
%changelog
* Mon Nov 10 2025 Nick Clifton <nickc@redhat.com> - 2.41-60
- Fix a potential illegal memory access when linking a corrupt input file. (RHEL-126877)
* Tue Nov 04 2025 Nick Clifton <nickc@redhat.com> - 2.41-59
- Fix a potential illegal memory access when linking a corrupt input file. (RHEL-125205)