| Field | Value |
|---|---|
| Summary | CVE-2018-20671 objdump integer overflow in load_specific_debug_section |
| Product | binutils |
| Component | binutils |
| Status | RESOLVED FIXED |
| Severity | critical |
| Priority | P2 |
| Version | 2.32 |
| Target Milestone | --- |
| Host | |
| Target | |
| Build | |
| Last reconfirmed | |
| Reporter | tfx <tfx_sec> |
| Assignee | Not yet assigned to anyone <unassigned> |
| CC | nickc, tfx_sec |
| Attachments | POC3, patch |
Description

tfx, 2018-12-19 03:11:05 UTC

Created attachment 11474: patch
Commit notification

The master branch has been updated by Nick Clifton <nickc@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=11fa9f134fd658075c6f74499c780df045d9e9ca

commit 11fa9f134fd658075c6f74499c780df045d9e9ca
Author: Nick Clifton <nickc@redhat.com>
Date:   Fri Jan 4 13:44:34 2019 +0000

    Fix a possible integer overflow problem when examining corrupt binaries using a 32-bit binutil.

        PR 24005
        * objdump.c (load_specific_debug_section): Check for integer overflow
        before attempting to allocate contents.

Nick Clifton (comment #3)

Hi mhsec,

Thanks for reporting this problem. Unfortunately your proposed patch will not work, as it will prevent the tools from handling 64-bit binaries with very large section sizes.

Instead I have checked in an alternative patch which checks for integer overflow before attempting to allocate any memory, which prevents the heap corruption from happening.

Cheers
Nick

mhsec (comment #4)

(In reply to Nick Clifton from comment #3)
> Hi mhsec,
>
> Thanks for reporting this problem. Unfortunately your proposed patch
> will not work, as it will prevent the tools from handling 64-bit binaries
> with very large section sizes.
>
> Instead I have checked in an alternative patch which checks for integer
> overflow before attempting to allocate any memory, which prevents the
> heap corruption from happening.
>
> Cheers
> Nick

Hi Nick,

I think the problem still exists if the file size is more than 0x100000000.

`amt > bfd_get_file_size (abfd)`

Nick Clifton

(In reply to mhsec from comment #4)
> I think the problem still exists if the file size is more than 0x100000000.

A file bigger than 100 gigabytes? Yes, that probably would cause problems for lots of tools, not just objdump.

mhsec

It's 4GB, not 100GB. Of course, I also think that this situation does not have to be considered. So my patch might work.
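The point under discussion, as an added example that is not objdump's or binutils' code: a section size read from a 64-bit header is widened to `size + 1` and handed to `malloc()`, whose `size_t` argument is only 32 bits on a 32-bit build, so the high bits are dropped and a `0xffffffff` section reserves 0 bytes while the loader then copies the full section into it. The model below also shows why a check of the form `amt > file_size` (the shape mhsec quotes from the fix) cannot catch this once the file itself exceeds 4 GiB, and the extra "fits in the host's `size_t`" check that closes that gap. The type names `bfd_size_type`/`host_size_t`, the function names, and the constructed Elf64 section header bytes are all assumptions made for this example.

```c
/* Added example (not binutils code): models the 32-bit-host allocation-size
   truncation discussed in this bug and the two checks debated in the thread.
   Types, function names and the constructed header bytes are assumptions. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint64_t bfd_size_type;  /* stand-in for BFD's 64-bit section size type */
typedef uint32_t host_size_t;    /* stand-in for size_t on a 32-bit host */

/* Read a little-endian 64-bit field from a section header. */
static bfd_size_type read_le64(const unsigned char *p) {
    bfd_size_type v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | p[i];
    return v;
}

/* sh_size sits at offset 32 in an Elf64_Shdr (4+4+8+8+8 bytes precede it). */
bfd_size_type elf64_shdr_size(const unsigned char *shdr) {
    return read_le64(shdr + 32);
}

/* Pre-fix pattern: amt = size + 1 is computed in 64 bits, then passed to
   malloc(), whose size_t is 32 bits on a 32-bit build. The high bits are
   silently dropped, so a 0xffffffff section allocates 0 bytes. */
host_size_t unsafe_alloc_size(bfd_size_type section_size) {
    bfd_size_type amt = section_size + 1;
    return (host_size_t) amt;
}

/* 1 if copying the section would run past the (truncated) allocation. */
int unsafe_copy_overflows(bfd_size_type section_size) {
    host_size_t allocated = unsafe_alloc_size(section_size);
    return section_size > (bfd_size_type) allocated;
}

/* Check of the shape the thread attributes to the committed fix: reject
   amt == 0 and amt > file size before allocating. Returns 1 if accepted. */
int filesize_check_accepts(bfd_size_type section_size, bfd_size_type file_size) {
    bfd_size_type amt = section_size + 1;
    return amt != 0 && amt <= file_size;
}

/* Belt-and-braces version: additionally require amt to fit in the host's
   size_t, so truncation cannot happen even for files larger than 4 GiB. */
int checked_alloc_size(bfd_size_type section_size, bfd_size_type file_size,
                       host_size_t *out) {
    bfd_size_type amt = section_size + 1;
    if (amt == 0)                          /* wrapped past 2^64 */
        return 0;
    if (amt > file_size)                   /* section cannot exceed the file */
        return 0;
    if (amt > (bfd_size_type) UINT32_MAX)  /* would truncate in a 32-bit size_t */
        return 0;
    *out = (host_size_t) amt;
    return 1;
}

int main(void) {
    /* Constructed Elf64_Shdr with sh_size = 0x00000000ffffffff (little-endian). */
    unsigned char shdr[64];
    memset(shdr, 0, sizeof shdr);
    shdr[32] = 0xff; shdr[33] = 0xff; shdr[34] = 0xff; shdr[35] = 0xff;

    bfd_size_type size = elf64_shdr_size(shdr);
    host_size_t n = 0;

    printf("section size              : 0x%" PRIx64 "\n", size);
    printf("32-bit malloc() sees      : %" PRIu32 " bytes\n", unsafe_alloc_size(size));
    printf("copy overflows allocation : %d\n", unsafe_copy_overflows(size));
    printf("file-size check, 1 KiB file: accepted=%d\n", filesize_check_accepts(size, 1024));
    printf("file-size check, 8 GiB file: accepted=%d\n", filesize_check_accepts(size, 8ULL << 30));
    printf("host-size check, 8 GiB file: accepted=%d\n", checked_alloc_size(size, 8ULL << 30, &n));
    return 0;
}
```

The file-size comparison rejects the crafted section for any ordinary input because a 4 GiB section cannot live inside a small file, which is why the fix is effective in practice; the last check is what a 32-bit build would need if it were also expected to cope with inputs larger than its address space.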