[arch-commits] Commit in elfutils/trunk (CVE-2014-0172.patch PKGBUILD)

Laurent Carlier lcarlier at nymeria.archlinux.org
Mon Apr 28 16:27:18 UTC 2014 

    Date: Monday, April 28, 2014 @ 18:27:18
  Author: lcarlier
Revision: 211885

upgpkg: elfutils 0.158-2

fix CVE-2014-0172

Modified:
  elfutils/trunk/CVE-2014-0172.patch
  elfutils/trunk/PKGBUILD

---------------------+
 CVE-2014-0172.patch |   37 +++++++++++++++++++++++++++++++++++++
 PKGBUILD            |    2 +-
 2 files changed, 38 insertions(+), 1 deletion(-)

Modified: CVE-2014-0172.patch
===================================================================
--- CVE-2014-0172.patch	2014-04-28 16:11:37 UTC (rev 211884)
+++ CVE-2014-0172.patch	2014-04-28 16:27:18 UTC (rev 211885)
@@ -0,0 +1,37 @@
+From 7f1eec317db79627b473c5b149a22a1b20d1f68f Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mjw at redhat.com>
+Date: Wed, 9 Apr 2014 11:33:23 +0200
+Subject: [PATCH] CVE-2014-0172 Check for overflow before calling malloc to
+ uncompress data.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1085663
+
+Reported-by: Florian Weimer <fweimer at redhat.com>
+Signed-off-by: Mark Wielaard <mjw at redhat.com>
+diff --git a/libdw/dwarf_begin_elf.c b/libdw/dwarf_begin_elf.c
+index 79daeac..34ea373 100644
+--- a/libdw/dwarf_begin_elf.c
++++ b/libdw/dwarf_begin_elf.c
+@@ -1,5 +1,5 @@
+ /* Create descriptor from ELF descriptor for processing file.
+-   Copyright (C) 2002-2011 Red Hat, Inc.
++   Copyright (C) 2002-2011, 2014 Red Hat, Inc.
+    This file is part of elfutils.
+    Written by Ulrich Drepper <drepper at redhat.com>, 2002.
+ 
+@@ -282,6 +282,12 @@ check_section (Dwarf *result, GElf_Ehdr *ehdr, Elf_Scn *scn, bool inscngrp)
+ 	    memcpy (&size, data->d_buf + 4, sizeof size);
+ 	    size = be64toh (size);
+ 
++	    /* Check for unsigned overflow so malloc always allocated
++	       enough memory for both the Elf_Data header and the
++	       uncompressed section data.  */
++	    if (unlikely (sizeof (Elf_Data) + size < size))
++	      break;
++
+ 	    Elf_Data *zdata = malloc (sizeof (Elf_Data) + size);
+ 	    if (unlikely (zdata == NULL))
+ 	      break;
+-- 
+1.9.2
+

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2014-04-28 16:11:37 UTC (rev 211884)
+++ PKGBUILD	2014-04-28 16:27:18 UTC (rev 211885)
@@ -20,7 +20,7 @@
 sha1sums=('09adbbf0f3a35bb1bcb77c2eaa40de8d3443af4d'
           'SKIP'
           '8ecef640f3d1229cdf45ffda016a69848c18e61b'
-          'da39a3ee5e6b4b0d3255bfef95601890afd80709')
+          '3e776c07d6ca2c7604a384d266f79c3ece1fb179')
 
 prepare() {
   cd ${pkgname}-${pkgver}

More information about the arch-commits mailing list