0.158-3 Add elfutils-0.158-CVE-2014-0172.patch (#1085729)

2014-04-10 11:24:56 +02:00 · 2014-04-10 11:24:56 +02:00 · 561f4c0405
commit 561f4c0405
parent 514171dba6
2 changed files with 34 additions and 1 deletions
--- a/elfutils-0.158-CVE-2014-0172.patch
+++ b/elfutils-0.158-CVE-2014-0172.patch
@ -0,0 +1,28 @@
+commit 7f1eec317db79627b473c5b149a22a1b20d1f68f
+Author: Mark Wielaard <mjw@redhat.com>
+Date:   Wed Apr 9 11:33:23 2014 +0200
+
+    CVE-2014-0172 Check for overflow before calling malloc to uncompress data.
+    
+    https://bugzilla.redhat.com/show_bug.cgi?id=1085663
+    
+    Reported-by: Florian Weimer <fweimer@redhat.com>
+    Signed-off-by: Mark Wielaard <mjw@redhat.com>
+
+diff --git a/libdw/dwarf_begin_elf.c b/libdw/dwarf_begin_elf.c
+index 79daeac..34ea373 100644
+--- a/libdw/dwarf_begin_elf.c
+++ b/libdw/dwarf_begin_elf.c
+@@ -282,6 +282,12 @@ check_section (Dwarf *result, GElf_Ehdr *ehdr, Elf_Scn *scn, bool inscngrp)
+ 	    memcpy (&size, data->d_buf + 4, sizeof size);
+ 	    size = be64toh (size);
+ 
+	    /* Check for unsigned overflow so malloc always allocated
+	       enough memory for both the Elf_Data header and the
+	       uncompressed section data.  */
+	    if (unlikely (sizeof (Elf_Data) + size < size))
+	      break;
+
+ 	    Elf_Data *zdata = malloc (sizeof (Elf_Data) + size);
+ 	    if (unlikely (zdata == NULL))
+ 	      break;
--- a/elfutils.spec
+++ b/elfutils.spec
@ -1,7 +1,7 @@
 Name: elfutils
 Summary: A collection of utilities and DSOs to handle compiled objects
 Version: 0.158
-%global baserelease 2
+%global baserelease 3
 URL: https://fedorahosted.org/elfutils/
 %global source_url http://fedorahosted.org/releases/e/l/elfutils/%{version}/
 License: GPLv3+ and (GPLv2+ or LGPLv3+)
@ -48,6 +48,7 @@ Patch1: %{?source_url}elfutils-robustify.patch
 Patch2: %{?source_url}elfutils-portability.patch

 Patch3: elfutils-0.158-mod-e_type.patch
+Patch4: elfutils-0.158-CVE-2014-0172.patch

 %if !%{compat}
 Release: %{baserelease}%{?dist}
@ -213,6 +214,7 @@ sed -i.scanf-m -e 's/%m/%a/g' src/addr2line.c tests/line2addr.c
 %endif

 %patch3 -p1 -b .e_type
+%patch4 -p1 -b .CVE-2014-0172

 find . -name \*.sh ! -perm -0100 -print | xargs chmod +x

@ -333,6 +335,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_libdir}/libelf.a

 %changelog
+* Tue Apr 10 2014 Mark Wielaard <mjw@redhat.com> - 0.158-3
+- Add elfutils-0.158-CVE-2014-0172.patch (#1085729)
+
 * Tue Mar 11 2014 Mark Wielaard <mjw@redhat.com> - 0.158-2
 - Add elfutils-0.158-mod-e_type.patch.