From 4a45ace18ee164914d795f6ae41f3e699bd67840 Mon Sep 17 00:00:00 2001
From: Leonardo Arena <rnalrd@alpinelinux.org>
Date: Wed, 26 Apr 2017 12:09:23 +0000
Subject: main/elfutils: security fixes #7160

---
 main/elfutils/CVE-2017-7607.patch | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 main/elfutils/CVE-2017-7607.patch

(limited to 'main/elfutils/CVE-2017-7607.patch')

diff --git a/main/elfutils/CVE-2017-7607.patch b/main/elfutils/CVE-2017-7607.patch
new file mode 100644
index 0000000000..b4af2fe3db
--- /dev/null
+++ b/main/elfutils/CVE-2017-7607.patch
@@ -0,0 +1,34 @@
+From: Mark Wielaard <mark at klomp dot org>
+To: elfutils-devel at sourceware dot org
+Cc: Mark Wielaard <mark at klomp dot org>
+Subject: [PATCH] readelf: Fix off by one sanity check in handle_gnu_hash.
+Date: Fri, 24 Mar 2017 12:15:02 +0100
+Message-Id: <1490354102-21353-1-git-send-email-mark@klomp.org>
+X-Mailer: git-send-email 1.8.3.1
+
+We sanity check to make sure we don't index outside the chain array
+by testing inner > max_nsyms. But inner is a zero-based index, while
+max_nsyms is the maximum number. Change the check to inner >= max_nsyms.
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=21299
+
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+---
+ src/readelf.c | 2 +-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/readelf.c b/src/readelf.c
+index 8d96ba3..490b6d5 100644
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -3263,7 +3263,7 @@ handle_gnu_hash (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr, size_t shstrndx)
+ 	    ++nsyms;
+ 	    if (maxlength < ++lengths[cnt])
+ 	      ++maxlength;
+-	    if (inner > max_nsyms)
++	    if (inner >= max_nsyms)
+ 	      goto invalid_data;
+ 	  }
+ 	while ((chain[inner++] & 1) == 0);
+-- 
+1.8.3.1
-- 
cgit v1.2.3