Bug 200888 - [patch] libiberty: integer overflow (CVE-2012-3509)
Summary: [patch] libiberty: integer overflow (CVE-2012-3509)
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: gnu (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Some People
Assignee: Pedro F. Giffuni
URL:
Keywords: patch, security
Depends on:
Blocks:
 
Reported: 2015-06-15 22:11 UTC by Pedro F. Giffuni
Modified: 2017-12-12 12:59 UTC (History)
0 users

See Also:
pfg: mfc-stable10+
pfg: mfc-stable9+


Attachments
fix from OpenBSD (2.08 KB, patch)
2015-06-15 22:11 UTC, Pedro F. Giffuni
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Pedro F. Giffuni freebsd_committer 2015-06-15 22:11:49 UTC
Created attachment 157772 [details]
fix from OpenBSD

CVE-2012-3509 libiberty: integer overflow, leading to heap-buffer overflow by processing certain file headers via bfd binary.

I stopped using gcc a while ago so I have no idea how useful/important this may be.

OpenBSD has applied the following change:

http://freshbsd.org/commit/openbsd/c507578c3b16e773f91845211533295791f6b94d

I have translated it to the attached patch.
Comment 1 commit-hook freebsd_committer 2016-06-03 21:37:38 UTC
A commit references this bug:

Author: pfg
Date: Fri Jun  3 21:37:24 UTC 2016
New revision: 301291
URL: https://svnweb.freebsd.org/changeset/base/301291

Log:
  libiberty: prevent integer overflow.

  Take care of very old bug leading to heap-buffer overflow by
  processing certain file headers via bfd binary.

  PR:		200888
  Obtained from:	OpenBSD
  MFC after:	2 weeks

Changes:
  head/contrib/gcclibs/include/objalloc.h
  head/contrib/gcclibs/libiberty/objalloc.c
Comment 2 Pedro F. Giffuni freebsd_committer 2016-06-08 00:50:21 UTC
(I am taking care of this)
Comment 3 commit-hook freebsd_committer 2016-06-17 02:30:13 UTC
A commit references this bug:

Author: pfg
Date: Fri Jun 17 02:29:56 UTC 2016
New revision: 301976
URL: https://svnweb.freebsd.org/changeset/base/301976

Log:
  MFC r301291:
  libiberty: prevent integer overflow.

  Take care of very old bug leading to heap-buffer overflow by
  processing certain file headers via bfd binary.

  PR:		200888
  Obtained from:	OpenBSD

Changes:
_U  stable/10/
  stable/10/contrib/gcclibs/include/objalloc.h
  stable/10/contrib/gcclibs/libiberty/objalloc.c
Comment 4 commit-hook freebsd_committer 2016-06-17 02:32:14 UTC
A commit references this bug:

Author: pfg
Date: Fri Jun 17 02:31:19 UTC 2016
New revision: 301977
URL: https://svnweb.freebsd.org/changeset/base/301977

Log:
  MFC r301291:
  libiberty: prevent integer overflow.

  Take care of very old bug leading to heap-buffer overflow by
  processing certain file headers via bfd binary.

  PR:		200888
  Obtained from:	OpenBSD

Changes:
_U  stable/9/contrib/gcclibs/
  stable/9/contrib/gcclibs/include/objalloc.h
  stable/9/contrib/gcclibs/libiberty/objalloc.c
Comment 5 commit-hook freebsd_committer 2017-12-12 12:59:42 UTC
A commit references this bug:

Author: danfe
Date: Tue Dec 12 12:59:05 UTC 2017
New revision: 326795
URL: https://svnweb.freebsd.org/changeset/base/326795

Log:
  MFC r301291:

    libiberty: prevent integer overflow.

    Take care of very old bug leading to heap-buffer overflow by
    processing certain file headers via bfd binary.

    PR:		200888
    Obtained from:	OpenBSD

  Approved by:	pfg

Changes:
_U  stable/8/contrib/gcclibs/
  stable/8/contrib/gcclibs/include/objalloc.h
  stable/8/contrib/gcclibs/libiberty/objalloc.c