rpms/elfutils
7
0
Fork 0
Code Issues Pull Requests Releases Activity

0.158-3 Add elfutils-0.158-CVE-2014-0172.patch (#1085729)

Browse Source
This commit is contained in:
Mark Wielaard 2014-04-10 11:24:56 +02:00
parent 514171dba6
commit 561f4c0405
2 changed files with 34 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
elfutils-0.158-CVE-2014-0172.patch Normal file
View File

@ -0,0 +1,28 @@
commit 7f1eec317db79627b473c5b149a22a1b20d1f68f
Author: Mark Wielaard <mjw@redhat.com>
Date: Wed Apr 9 11:33:23 2014 +0200
CVE-2014-0172 Check for overflow before calling malloc to uncompress data.
https://bugzilla.redhat.com/show_bug.cgi?id=1085663
Reported-by: Florian Weimer <fweimer@redhat.com>
Signed-off-by: Mark Wielaard <mjw@redhat.com>
diff --git a/libdw/dwarf_begin_elf.c b/libdw/dwarf_begin_elf.c
index 79daeac..34ea373 100644
--- a/libdw/dwarf_begin_elf.c
+++ b/libdw/dwarf_begin_elf.c
@@ -282,6 +282,12 @@ check_section (Dwarf *result, GElf_Ehdr *ehdr, Elf_Scn *scn, bool inscngrp)
memcpy (&size, data->d_buf + 4, sizeof size);
size = be64toh (size);
+ /* Check for unsigned overflow so malloc always allocated
+ enough memory for both the Elf_Data header and the
+ uncompressed section data. */
+ if (unlikely (sizeof (Elf_Data) + size < size))
+ break;
+
Elf_Data *zdata = malloc (sizeof (Elf_Data) + size);
if (unlikely (zdata == NULL))
break;

7
elfutils.spec
View File

@ -1,7 +1,7 @@
Name: elfutils Name: elfutils
Summary: A collection of utilities and DSOs to handle compiled objects Summary: A collection of utilities and DSOs to handle compiled objects
Version: 0.158 Version: 0.158
%global baserelease 2 %global baserelease 3
URL: https://fedorahosted.org/elfutils/ URL: https://fedorahosted.org/elfutils/
%global source_url http://fedorahosted.org/releases/e/l/elfutils/%{version}/ %global source_url http://fedorahosted.org/releases/e/l/elfutils/%{version}/
License: GPLv3+ and (GPLv2+ or LGPLv3+) License: GPLv3+ and (GPLv2+ or LGPLv3+)
@ -48,6 +48,7 @@ Patch1: %{?source_url}elfutils-robustify.patch
Patch2: %{?source_url}elfutils-portability.patch Patch2: %{?source_url}elfutils-portability.patch
Patch3: elfutils-0.158-mod-e_type.patch Patch3: elfutils-0.158-mod-e_type.patch
Patch4: elfutils-0.158-CVE-2014-0172.patch
%if !%{compat} %if !%{compat}
Release: %{baserelease}%{?dist} Release: %{baserelease}%{?dist}
@ -213,6 +214,7 @@ sed -i.scanf-m -e 's/%m/%a/g' src/addr2line.c tests/line2addr.c
%endif %endif
%patch3 -p1 -b .e_type %patch3 -p1 -b .e_type
%patch4 -p1 -b .CVE-2014-0172
find . -name \*.sh ! -perm -0100 -print | xargs chmod +x find . -name \*.sh ! -perm -0100 -print | xargs chmod +x
@ -333,6 +335,9 @@ rm -rf ${RPM_BUILD_ROOT}
%{_libdir}/libelf.a %{_libdir}/libelf.a
%changelog %changelog
* Tue Apr 10 2014 Mark Wielaard <mjw@redhat.com> - 0.158-3
- Add elfutils-0.158-CVE-2014-0172.patch (#1085729)
* Tue Mar 11 2014 Mark Wielaard <mjw@redhat.com> - 0.158-2 * Tue Mar 11 2014 Mark Wielaard <mjw@redhat.com> - 0.158-2
- Add elfutils-0.158-mod-e_type.patch. - Add elfutils-0.158-mod-e_type.patch.