Backport patch for CVE-2022-4285

2023-01-03 16:43:16 +01:00 · 2023-01-03 16:43:16 +01:00 · 28148d9f5c
commit 28148d9f5c
parent 23caca7ba6
2 changed files with 21 additions and 1 deletions
--- a/CVE-2022-4285.patch
+++ b/CVE-2022-4285.patch
@ -0,0 +1,14 @@
+diff -rupN --no-dereference binutils-2.39/bfd/elf.c binutils-2.39-new/bfd/elf.c
+--- binutils-2.39/bfd/elf.c	2023-01-03 14:19:15.884413890 +0100
+++ binutils-2.39-new/bfd/elf.c	2023-01-03 14:19:28.670166584 +0100
+@@ -8868,7 +8868,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd
+ 	  bfd_set_error (bfd_error_file_too_big);
+ 	  goto error_return_verref;
+ 	}
+-      elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_alloc (abfd, amt);
+      if (amt == 0)
+	goto error_return_verref;
+      elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_zalloc (abfd, amt);
+       if (elf_tdata (abfd)->verref == NULL)
+ 	goto error_return_verref;
+ 
--- a/mingw-binutils.spec
+++ b/mingw-binutils.spec
@ -3,7 +3,7 @@

 Name:           mingw-binutils
 Version:        2.39
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        Cross-compiled version of binutils for Win32 and Win64 environments

 License:        GPLv2+ and LGPLv2+ and GPLv3+ and LGPLv3+
@ -132,6 +132,9 @@ Patch20: binutils-gas-dwarf-skip-empty-functions.patch
 # Backport patch for CVE-2022-38533
 Patch21: CVE-2022-38533.patch

+# Backport patch for CVE-2022-4285
+Patch22: CVE-2022-4285.patch
+

 BuildRequires:  make
 BuildRequires:  gcc
@ -464,6 +467,9 @@ rm -rf %{buildroot}%{_mandir}/man1/*


 %changelog
+* Tue Jan 03 2023 Sandro Mani <manisandro@gmail.com> - 2.39-3
+- Backport patch for CVE-2022-4285
+
 * Sun Oct 30 2022 Sandro Mani <manisandro@gmail.com> - 2.39-2
 - Backport patch for CVE-2022-38533