git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/blob

   1 From c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57 Mon Sep 17 00:00:00 2001
   2 From: Nick Clifton <nickc@redhat.com>
   3 Date: Thu, 30 Mar 2023 10:10:09 +0100
   4 Subject: [PATCH] Fix an illegal memory access when an accessing a
   5  zer0-lengthverdef table.
   6
   7   PR 30285
   8   * elf.c (_bfd_elf_slurp_version_tables): Fail if no version definitions are allocated.
   9
  10 CVE: CVE-2023-1972
  11 Upstream-Status: Backport
  12 Signed-off-by: Ross Burton <ross.burton@arm.com>
  13 ---
  14  bfd/ChangeLog | 6 ++++++
  15  bfd/elf.c     | 5 +++++
  16  2 files changed, 11 insertions(+)
  17
  18 diff --git a/bfd/elf.c b/bfd/elf.c
  19 index 027d0143735..185028cbd97 100644
  20 --- a/bfd/elf.c
  21 +++ b/bfd/elf.c
  22 @@ -9030,6 +9030,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver)
  23           bfd_set_error (bfd_error_file_too_big);
  24           goto error_return_verdef;
  25         }
  26 +
  27 +      if (amt == 0)
  28 +       goto error_return_verdef;
  29        elf_tdata (abfd)->verdef = (Elf_Internal_Verdef *) bfd_zalloc (abfd, amt);
  30        if (elf_tdata (abfd)->verdef == NULL)
  31         goto error_return_verdef;
  32 @@ -9133,6 +9136,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver)
  33           bfd_set_error (bfd_error_file_too_big);
  34           goto error_return;
  35         }
  36 +      if (amt == 0)
  37 +       goto error_return;
  38        elf_tdata (abfd)->verdef = (Elf_Internal_Verdef *) bfd_zalloc (abfd, amt);
  39        if (elf_tdata (abfd)->verdef == NULL)
  40         goto error_return;
  41 --
  42 2.34.1
  43