From ba0f4ef1dbd9451ae87305befaa8088a31c4f0cb Mon Sep 17 00:00:00 2001
From: Nick Clifton
Date: Fri, 7 May 2021 11:29:52 +0100
Subject: [PATCH] Fix potential buffer corruption in sha1 code in libiberty library. Fix potential buffer corruption in sha1 code in linker.
Resolves: #1954139
Resolves: #1954138
---
binutils-libiberty-sha1.patch | 11 +++++++++++
binutils-linker-string-copy.patch | 11 +++++++++++
binutils.spec | 14 +++++++++++++-
3 files changed, 35 insertions(+), 1 deletion(-)
create mode 100644 binutils-libiberty-sha1.patch
create mode 100644 binutils-linker-string-copy.patch
diff --git a/binutils-libiberty-sha1.patch b/binutils-libiberty-sha1.patch
new file mode 100644
index 0000000..ddc7bb4
--- /dev/null
+++ b/binutils-libiberty-sha1.patch
@@ -0,0 +1,11 @@
+--- binutils.orig/libiberty/sha1.c 2021-05-07 10:47:11.572773217 +0100
++++ binutils-2.35.2/libiberty/sha1.c 2021-05-07 10:47:16.014741009 +0100
+@@ -258,7 +258,7 @@ sha1_process_bytes (const void *buffer,
+ {
+ sha1_process_block (ctx->buffer, 64, ctx);
+ left_over -= 64;
+- memcpy (ctx->buffer, &ctx->buffer[16], left_over);
++ memmove (ctx->buffer, &ctx->buffer[16], left_over);
+ }
+ ctx->buflen = left_over;
+ }
diff --git a/binutils-linker-string-copy.patch b/binutils-linker-string-copy.patch
new file mode 100644
index 0000000..d96d868
--- /dev/null
+++ b/binutils-linker-string-copy.patch
@@ -0,0 +1,11 @@
+--- binutils.orig/ld/pe-dll.c 2021-05-07 10:47:12.145769068 +0100
++++ binutils-2.35.2/ld/pe-dll.c 2021-05-07 11:01:43.000450119 +0100
+@@ -3032,7 +3032,7 @@ pe_find_cdecl_alias_match (struct bfd_li
+ if (pe_details->underscored)
+ lname[0] = '_';
+ else
+- strcpy (lname, lname + 1);
++ memmove (lname, lname + 1, strlen (lname));
+ key.key = lname;
+ kv = bsearch (&key, udef_table, undef_count,
+ sizeof (struct key_value), undef_sort_cmp);
diff --git a/binutils.spec b/binutils.spec
index d44ca8a..9fa4f7e 100644
--- a/binutils.spec
+++ b/binutils.spec
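Review bot: The new `memmove` in `sha1_process_bytes` carries no comment saying when its source and destination can overlap, and the hunk does not show what bounds `left_over`. `&ctx->buffer[16]` appears to sit 64 bytes past `ctx->buffer` (assuming 32-bit elements, which is not visible here), so the two regions would overlap only if `left_over` is still above 64 after the subtraction. I would add a comment above the call such as `/* memmove, not memcpy: the regions overlap once left_over exceeds 64. */`, or state the bound if it is guaranteed elsewhere. The function body starts and ends outside the hunk.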
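Review bot: The length passed to `memmove` in `pe_find_cdecl_alias_match` is correct only because `strlen (lname)` equals the length of the string at `lname + 1` plus its terminating NUL, and nothing in the hunk says so. A comment such as `/* strlen (lname) bytes from lname + 1 includes the terminating NUL. */` would keep a later edit from changing it to `strlen (lname) - 1`, which drops the terminator, or `strlen (lname) + 1`, which reads one byte past it. Where `lname` is built lies outside the hunk, so whether it can be empty at this point is not visible; with an empty string the new call copies nothing, while the old `strcpy` would have started reading past the terminator.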
@@ -39,7 +39,7 @@ Summary: A GNU collection of binary utilities Name: binutils%{?name_cross}%{?_with_debug:-debug} Version: 2.35.2 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv3+ URL: https://sourceware.org/binutils @@ -361,6 +361,14 @@ Patch41: binutils-CVE-2021-3487.patch # Lifetime: Fixed in 2.36 Patch42: binutils-CVE-2020-35448.patch +# Purpose: Fix potential buffer corruption in libiberty library. +# Lifetime: Fixed in 2.36 +Patch43: binutils-libiberty-sha1.patch + +# Purpose: Fix potential buffer corruption in linker. +# Lifetime: Fixed in 2.36 +Patch44: binutils-linker-string-copy.patch + #---------------------------------------------------------------------------- Provides: bundled(libiberty) @@ -946,6 +954,10 @@ exit 0 #---------------------------------------------------------------------------- %changelog +* Fri May 07 2021 Nick Clifton - 2.35.2-2 +- Fix potential buffer corruption in sha1 code in libiberty library. (#1954138) +- Fix potential buffer corruption in sha1 code in linker. (#1954139) + * Fri Apr 23 2021 Nick Clifton - 2.35.2-1 - Fix an illegal memory access when parsing a corrupt ELF file. (#1950481) - Fix excessive memory consumption parsing corrupt DWARF information. (#1947969)
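Review bot: Nothing in this diff applies Patch43 and Patch44; the second hunk only declares them, and the diffstat accounts for no other change to binutils.spec. That is fine if %prep uses `%autosetup` or otherwise applies every declared patch, but if it lists `%patchNN` lines explicitly the two fixes would ship unapplied. %prep is not visible here, so this needs confirming. Separately, the changelog entry in the last hunk describes the pe-dll.c string-copy fix as "sha1 code in linker", which does not match `binutils-linker-string-copy.patch` or the `# Purpose:` comment on Patch44.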