diff options
Diffstat (limited to 'abs/core/elfutils/CVE-2014-0172.patch')
-rw-r--r-- | abs/core/elfutils/CVE-2014-0172.patch | 37 |
1 files changed, 0 insertions, 37 deletions
diff --git a/abs/core/elfutils/CVE-2014-0172.patch b/abs/core/elfutils/CVE-2014-0172.patch deleted file mode 100644 index 5f9541d..0000000 --- a/abs/core/elfutils/CVE-2014-0172.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 7f1eec317db79627b473c5b149a22a1b20d1f68f Mon Sep 17 00:00:00 2001 -From: Mark Wielaard <mjw@redhat.com> -Date: Wed, 9 Apr 2014 11:33:23 +0200 -Subject: [PATCH] CVE-2014-0172 Check for overflow before calling malloc to - uncompress data. - -https://bugzilla.redhat.com/show_bug.cgi?id=1085663 - -Reported-by: Florian Weimer <fweimer@redhat.com> -Signed-off-by: Mark Wielaard <mjw@redhat.com> -diff --git a/libdw/dwarf_begin_elf.c b/libdw/dwarf_begin_elf.c -index 79daeac..34ea373 100644 ---- a/libdw/dwarf_begin_elf.c -+++ b/libdw/dwarf_begin_elf.c -@@ -1,5 +1,5 @@ - /* Create descriptor from ELF descriptor for processing file. -- Copyright (C) 2002-2011 Red Hat, Inc. -+ Copyright (C) 2002-2011, 2014 Red Hat, Inc. - This file is part of elfutils. - Written by Ulrich Drepper <drepper@redhat.com>, 2002. - -@@ -282,6 +282,12 @@ check_section (Dwarf *result, GElf_Ehdr *ehdr, Elf_Scn *scn, bool inscngrp) - memcpy (&size, data->d_buf + 4, sizeof size); - size = be64toh (size); - -+ /* Check for unsigned overflow so malloc always allocated -+ enough memory for both the Elf_Data header and the -+ uncompressed section data. */ -+ if (unlikely (sizeof (Elf_Data) + size < size)) -+ break; -+ - Elf_Data *zdata = malloc (sizeof (Elf_Data) + size); - if (unlikely (zdata == NULL)) - break; --- -1.9.2 - |