rpms/binutils
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Stop potential illegal memory access when parsing corrupt PE files.

Browse Source 
Resolves: #1680682
This commit is contained in:
Nick Clifton 2019-02-25 17:43:37 +00:00
parent 20ffc82c3d
commit d003e8dd8a
2 changed files with 41 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
binutils-CVE-2019-9074.patch Normal file
View File

@ -0,0 +1,32 @@
--- binutils.orig/bfd/pei-x86_64.c 2019-02-25 16:12:29.798061414 +0000
+++ binutils-2.31.1/bfd/pei-x86_64.c 2019-02-25 17:09:02.783425236 +0000
@@ -541,7 +541,7 @@ pex64_bfd_print_pdata_section (bfd *abfd
/* virt_size might be zero for objects. */
if (stop == 0 && strcmp (abfd->xvec->name, "pe-x86-64") == 0)
{
- stop = (datasize / onaline) * onaline;
+ stop = datasize;
virt_size_is_zero = TRUE;
}
else if (datasize < stop)
@@ -551,8 +551,8 @@ pex64_bfd_print_pdata_section (bfd *abfd
_("Warning: %s section size (%ld) is smaller than virtual size (%ld)\n"),
pdata_section->name, (unsigned long) datasize,
(unsigned long) stop);
- /* Be sure not to read passed datasize. */
- stop = datasize / onaline;
+ /* Be sure not to read past datasize. */
+ stop = datasize;
}
/* Display functions table. */
@@ -724,8 +724,7 @@ pex64_bfd_print_pdata_section (bfd *abfd
altent += imagebase;
if (altent >= pdata_vma
- && (altent + PDATA_ROW_SIZE <= pdata_vma
- + pei_section_data (abfd, pdata_section)->virt_size))
+ && altent - pdata_vma + PDATA_ROW_SIZE <= stop)
{
pex64_get_runtime_function
(abfd, &arf, &pdata[altent - pdata_vma]);

10
binutils.spec
View File

@ -75,7 +75,7 @@
Summary: A GNU collection of binary utilities Summary: A GNU collection of binary utilities
Name: %{?cross}binutils%{?_with_debug:-debug} Name: %{?cross}binutils%{?_with_debug:-debug}
Version: 2.32 Version: 2.32
Release: 3%{?dist} Release: 4%{?dist}
License: GPLv3+ License: GPLv3+
URL: https://sourceware.org/binutils URL: https://sourceware.org/binutils
@ -176,6 +176,10 @@ Patch13: binutils-fix-testsuite-failures.patch
# Lifetime: Fixed in 2.33 # Lifetime: Fixed in 2.33
Patch14: binutils-CVE-2019-9073.patch Patch14: binutils-CVE-2019-9073.patch
# Purpose: Stop illegal memory access parsing corrupt PE files.
# Lifetime: Fixed in 2.33
Patch15: binutils-CVE-2019-9074.patch
#---------------------------------------------------------------------------- #----------------------------------------------------------------------------
Provides: bundled(libiberty) Provides: bundled(libiberty)
@ -308,6 +312,7 @@ using libelf instead of BFD.
%patch12 -p1 %patch12 -p1
%patch13 -p1 %patch13 -p1
%patch14 -p1 %patch14 -p1
%patch15 -p1
# We cannot run autotools as there is an exact requirement of autoconf-2.59. # We cannot run autotools as there is an exact requirement of autoconf-2.59.
# FIXME - this is no longer true. Maybe try reinstating autotool use ? # FIXME - this is no longer true. Maybe try reinstating autotool use ?
@ -709,6 +714,9 @@ exit 0
#---------------------------------------------------------------------------- #----------------------------------------------------------------------------
%changelog %changelog
* Mon Feb 25 2019 Nick Clifton <nickc@redhat.com> - 2.32-4
- Stop potential illegal memory access when parsing corrupt PE files. (#1680682)
* Mon Feb 25 2019 Nick Clifton <nickc@redhat.com> - 2.32-3 * Mon Feb 25 2019 Nick Clifton <nickc@redhat.com> - 2.32-3
- Improve objdump's handling of corrupt input files. (#1680663) - Improve objdump's handling of corrupt input files. (#1680663)