Bug 200888 - [patch] libiberty: integer overflow (CVE-2012-3509)
Summary: [patch] libiberty: integer overflow (CVE-2012-3509)
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: gnu (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Some People
Assignee: Pedro F. Giffuni
URL:
Keywords: patch, security
Depends on:
Blocks:
 
Reported: 2015-06-15 22:11 UTC by Pedro F. Giffuni
Modified: 2017-12-12 12:59 UTC (History)
0 users

See Also:
pfg: mfc-stable10+
pfg: mfc-stable9+

Attachments
fix from OpenBSD (2.08 KB, patch)
2015-06-15 22:11 UTC, Pedro F. Giffuni 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Pedro F. Giffuni freebsd_committer freebsd_triage 2015-06-15 22:11:49 UTC 
Created attachment 157772 [details]
fix from OpenBSD

CVE-2012-3509 libiberty: integer overflow, leading to heap-buffer overflow by processing certain file headers via bfd binary.

I stopped using gcc a while ago so I have no idea how useful/important this may be.

OpenBSD has applied the following change:

http://freshbsd.org/commit/openbsd/c507578c3b16e773f91845211533295791f6b94d

I have translated it to the attached patch.
Comment 1 commit-hook freebsd_committer freebsd_triage 2016-06-03 21:37:38 UTC 
A commit references this bug:

Author: pfg
Date: Fri Jun  3 21:37:24 UTC 2016
New revision: 301291
URL: https://svnweb.freebsd.org/changeset/base/301291

Log:
  libiberty: prevent integer overflow.

  Take care of very old bug leading to heap-buffer overflow by
  processing certain file headers via bfd binary.

  PR:		200888
  Obtained from:	OpenBSD
  MFC after:	2 weeks

Changes:
  head/contrib/gcclibs/include/objalloc.h
  head/contrib/gcclibs/libiberty/objalloc.c
Comment 2 Pedro F. Giffuni freebsd_committer freebsd_triage 2016-06-08 00:50:21 UTC 
(I am taking care of this)
Comment 3 commit-hook freebsd_committer freebsd_triage 2016-06-17 02:30:13 UTC 
A commit references this bug:

Author: pfg
Date: Fri Jun 17 02:29:56 UTC 2016
New revision: 301976
URL: https://svnweb.freebsd.org/changeset/base/301976

Log:
  MFC r301291:
  libiberty: prevent integer overflow.

  Take care of very old bug leading to heap-buffer overflow by
  processing certain file headers via bfd binary.

  PR:		200888
  Obtained from:	OpenBSD

Changes:
_U  stable/10/
  stable/10/contrib/gcclibs/include/objalloc.h
  stable/10/contrib/gcclibs/libiberty/objalloc.c
Comment 4 commit-hook freebsd_committer freebsd_triage 2016-06-17 02:32:14 UTC 
A commit references this bug:

Author: pfg
Date: Fri Jun 17 02:31:19 UTC 2016
New revision: 301977
URL: https://svnweb.freebsd.org/changeset/base/301977

Log:
  MFC r301291:
  libiberty: prevent integer overflow.

  Take care of very old bug leading to heap-buffer overflow by
  processing certain file headers via bfd binary.

  PR:		200888
  Obtained from:	OpenBSD

Changes:
_U  stable/9/contrib/gcclibs/
  stable/9/contrib/gcclibs/include/objalloc.h
  stable/9/contrib/gcclibs/libiberty/objalloc.c
Comment 5 commit-hook freebsd_committer freebsd_triage 2017-12-12 12:59:42 UTC 
A commit references this bug:

Author: danfe
Date: Tue Dec 12 12:59:05 UTC 2017
New revision: 326795
URL: https://svnweb.freebsd.org/changeset/base/326795

Log:
  MFC r301291:

    libiberty: prevent integer overflow.

    Take care of very old bug leading to heap-buffer overflow by
    processing certain file headers via bfd binary.

    PR:		200888
    Obtained from:	OpenBSD

  Approved by:	pfg

Changes:
_U  stable/8/contrib/gcclibs/
  stable/8/contrib/gcclibs/include/objalloc.h
  stable/8/contrib/gcclibs/libiberty/objalloc.c