From b4df087f1461e7a3671d971396c0ad1adeda75c9 Mon Sep 17 00:00:00 2001
From: Vladimír Čunát <vcunat@gmail.com>
Date: Sun, 20 Apr 2014 18:17:31 +0200
Subject: elfutils: fix CVE-2014-0172

Patch taken from upstream mailing-list.
---
 .../tools/misc/elfutils/CVE-2014-0172.patch        | 32 ++++++++++++++++++++++
 pkgs/development/tools/misc/elfutils/default.nix   |  1 +
 2 files changed, 33 insertions(+)
 create mode 100644 pkgs/development/tools/misc/elfutils/CVE-2014-0172.patch

(limited to 'pkgs/development/tools')

diff --git a/pkgs/development/tools/misc/elfutils/CVE-2014-0172.patch b/pkgs/development/tools/misc/elfutils/CVE-2014-0172.patch
new file mode 100644
index 00000000000..6553dea7b4c
--- /dev/null
+++ b/pkgs/development/tools/misc/elfutils/CVE-2014-0172.patch
@@ -0,0 +1,32 @@
+https://bugzilla.redhat.com/show_bug.cgi?id=1085663
+
+Reported-by: Florian Weimer <fweimer at redhat.com>
+Signed-off-by: Mark Wielaard <mjw at redhat.com>
+---
+ libdw/dwarf_begin_elf.c |    8 +++++++-
+ 2 files changed, 12 insertions(+), 1 deletions(-)
+
+diff --git a/libdw/dwarf_begin_elf.c b/libdw/dwarf_begin_elf.c
+index 79daeac..34ea373 100644
+--- a/libdw/dwarf_begin_elf.c
++++ b/libdw/dwarf_begin_elf.c
+@@ -1,5 +1,5 @@
+ /* Create descriptor from ELF descriptor for processing file.
+-   Copyright (C) 2002-2011 Red Hat, Inc.
++   Copyright (C) 2002-2011, 2014 Red Hat, Inc.
+    This file is part of elfutils.
+    Written by Ulrich Drepper <drepper at redhat.com>, 2002.
+ 
+@@ -282,6 +282,12 @@ check_section (Dwarf *result, GElf_Ehdr *ehdr, Elf_Scn *scn, bool inscngrp)
+ 	    memcpy (&size, data->d_buf + 4, sizeof size);
+ 	    size = be64toh (size);
+ 
++	    /* Check for unsigned overflow so malloc always allocated
++	       enough memory for both the Elf_Data header and the
++	       uncompressed section data.  */
++	    if (unlikely (sizeof (Elf_Data) + size < size))
++	      break;
++
+ 	    Elf_Data *zdata = malloc (sizeof (Elf_Data) + size);
+ 	    if (unlikely (zdata == NULL))
+ 	      break;
diff --git a/pkgs/development/tools/misc/elfutils/default.nix b/pkgs/development/tools/misc/elfutils/default.nix
index e2f6c693298..5ada382795c 100644
--- a/pkgs/development/tools/misc/elfutils/default.nix
+++ b/pkgs/development/tools/misc/elfutils/default.nix
@@ -14,6 +14,7 @@ stdenv.mkDerivation rec {
   };
 
   patches = [
+    ./CVE-2014-0172.patch
     (fetchurl {
       url = "http://fedorahosted.org/releases/e/l/elfutils/${version}/elfutils-portability.patch";
       sha256 = "0w8i94x9hqirgs2lwcd1g36s77r5svh4j1fgcrd6lx5w18vch0di";
-- 
cgit 1.4.1