blob: fa8fbd2aeeb9a5272345afc8bc400ea3a3317505 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
From db0c309f4011ca94a4abc8458e27f3734dab92ac Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Tue, 24 Apr 2018 16:57:04 +0100
Subject: [PATCH] Fix an illegal memory access when trying to copy an ELF
binary with corrupt section symbols.
PR 23113
* elf.c (ignore_section_sym): Check for the output_section pointer
being NULL before dereferencing it.
Upstream-Status: Backport
CVE: CVE-2018-10535
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
bfd/ChangeLog | 4 ++++
bfd/elf.c | 9 ++++++++-
2 files changed, 12 insertions(+), 1 deletion(-)
Index: git/bfd/elf.c
===================================================================
--- git.orig/bfd/elf.c
+++ git/bfd/elf.c
@@ -4021,15 +4021,22 @@ ignore_section_sym (bfd *abfd, asymbol *
{
elf_symbol_type *type_ptr;
+ if (sym == NULL)
+ return FALSE;
+
if ((sym->flags & BSF_SECTION_SYM) == 0)
return FALSE;
+ if (sym->section == NULL)
+ return TRUE;
+
type_ptr = elf_symbol_from (abfd, sym);
return ((type_ptr != NULL
&& type_ptr->internal_elf_sym.st_shndx != 0
&& bfd_is_abs_section (sym->section))
|| !(sym->section->owner == abfd
- || (sym->section->output_section->owner == abfd
+ || (sym->section->output_section != NULL
+ && sym->section->output_section->owner == abfd
&& sym->section->output_offset == 0)
|| bfd_is_abs_section (sym->section)));
}
Index: git/bfd/ChangeLog
===================================================================
--- git.orig/bfd/ChangeLog
+++ git/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2018-04-24 Nick Clifton <nickc@redhat.com>
+
+ PR 23113
+ * elf.c (ignore_section_sym): Check for the output_section pointer
+ being NULL before dereferencing it.
+
2018-04-17 Nick Clifton <nickc@redhat.com>
PR 23065
|
