Fix CVE-2025-0840 for binutils (microsoft#12254)

Co-authored-by: Sam Meluch <109628994+sameluch@users.noreply.github.com> Co-authored-by: jslobodzian <joslobo@microsoft.com>
v-smalavathu · Feb 24, 2025 · 1ede019 · 1ede019
1 parent 8d37859
commit 1ede019
Show file tree

Hide file tree

Showing 6 changed files with 66 additions and 13 deletions.
diff --git a/SPECS/binutils/CVE-2025-0840.patch b/SPECS/binutils/CVE-2025-0840.patch
@@ -0,0 +1,49 @@
+From e692412cf74604829a21a7a23857a772d2197788 Mon Sep 17 00:00:00 2001
+From: Sudipta Pandit <sudpandit@microsoft.com>
+Date: Fri, 7 Feb 2025 01:57:06 +0530
+Subject: [PATCH] Backport fix for CVE-2025-0840
+
+Reference: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=baac6c221e9d69335bf41366a1c7d87d8ab2f893
+
+---
+ binutils/objdump.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/binutils/objdump.c b/binutils/objdump.c
+index a35982ea..2efbf4b0 100644
+--- a/binutils/objdump.c
++++ b/binutils/objdump.c
+@@ -116,7 +116,8 @@ static bool disassemble_all;		/* -D */
+ static int disassemble_zeroes;		/* --disassemble-zeroes */
+ static bool formats_info;		/* -i */
+ int wide_output;			/* -w */
+-static int insn_width;			/* --insn-width */
++#define MAX_INSN_WIDTH 49
++static unsigned long insn_width;			/* --insn-width */
+ static bfd_vma start_address = (bfd_vma) -1; /* --start-address */
+ static bfd_vma stop_address = (bfd_vma) -1;  /* --stop-address */
+ static int dump_debugging;		/* --debugging */
+@@ -3315,7 +3316,7 @@ disassemble_bytes (struct disassemble_info *inf,
+ 	}
+       else
+ 	{
+-	  char buf[50];
++	  char buf[MAX_INSN_WIDTH + 1];
+ 	  unsigned int bpc = 0;
+ 	  unsigned int pb = 0;
+
+@@ -5976,8 +5977,9 @@ main (int argc, char **argv)
+ 	  break;
+ 	case OPTION_INSN_WIDTH:
+ 	  insn_width = strtoul (optarg, NULL, 0);
+-	  if (insn_width <= 0)
+-	    fatal (_("error: instruction width must be positive"));
++	  if (insn_width - 1 >= MAX_INSN_WIDTH)
++	    fatal (_("error: instruction width must be in the range 1 to "
++		     XSTRING (MAX_INSN_WIDTH)));
+ 	  break;
+ 	case OPTION_INLINES:
+ 	  unwind_inlines = true;
+-- 
+2.34.1
+
diff --git a/SPECS/binutils/binutils.spec b/SPECS/binutils/binutils.spec
@@ -21,7 +21,7 @@
 Summary:        Contains a linker, an assembler, and other tools
 Name:           binutils
 Version:        2.41
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        GPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -36,6 +36,7 @@ Patch2:         CVE-2025-1176.patch
 Patch3:         CVE-2025-1178.patch
 Patch4:         CVE-2025-1181.patch
 Patch5:         CVE-2025-1182.patch
+Patch6:         CVE-2025-0840.patch
 Provides:       bundled(libiberty)
 
 # Moving macro before the "SourceX" tags breaks PR checks parsing the specs.
@@ -325,6 +326,9 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %do_files aarch64-linux-gnu %{build_aarch64}
 
 %changelog
+* Sun Feb 23 2025 Sudipta Pandit <sudpandit@microsoft.com> - 2.41-4
+- Fix CVE-2025-0840 by backporting upstream patch
+
 * Mon Feb 17 2025 Sindhu Karri <lakarri@microsoft.com> - 2.41-3
 - Fix CVE-2025-1176, CVE-2025-1178, CVE-2025-1181, CVE-2025-1182
 

diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
@@ -13,8 +13,8 @@ zlib-devel-1.3.1-1.azl3.aarch64.rpm
 file-5.45-1.azl3.aarch64.rpm
 file-devel-5.45-1.azl3.aarch64.rpm
 file-libs-5.45-1.azl3.aarch64.rpm
-binutils-2.41-3.azl3.aarch64.rpm
-binutils-devel-2.41-3.azl3.aarch64.rpm
+binutils-2.41-4.azl3.aarch64.rpm
+binutils-devel-2.41-4.azl3.aarch64.rpm
 gmp-6.3.0-1.azl3.aarch64.rpm
 gmp-devel-6.3.0-1.azl3.aarch64.rpm
 mpfr-4.2.1-1.azl3.aarch64.rpm

diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -13,8 +13,8 @@ zlib-devel-1.3.1-1.azl3.x86_64.rpm
 file-5.45-1.azl3.x86_64.rpm
 file-devel-5.45-1.azl3.x86_64.rpm
 file-libs-5.45-1.azl3.x86_64.rpm
-binutils-2.41-3.azl3.x86_64.rpm
-binutils-devel-2.41-3.azl3.x86_64.rpm
+binutils-2.41-4.azl3.x86_64.rpm
+binutils-devel-2.41-4.azl3.x86_64.rpm
 gmp-6.3.0-1.azl3.x86_64.rpm
 gmp-devel-6.3.0-1.azl3.x86_64.rpm
 mpfr-4.2.1-1.azl3.x86_64.rpm

diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -28,9 +28,9 @@ bash-5.2.15-3.azl3.aarch64.rpm
 bash-debuginfo-5.2.15-3.azl3.aarch64.rpm
 bash-devel-5.2.15-3.azl3.aarch64.rpm
 bash-lang-5.2.15-3.azl3.aarch64.rpm
-binutils-2.41-3.azl3.aarch64.rpm
-binutils-debuginfo-2.41-3.azl3.aarch64.rpm
-binutils-devel-2.41-3.azl3.aarch64.rpm
+binutils-2.41-4.azl3.aarch64.rpm
+binutils-debuginfo-2.41-4.azl3.aarch64.rpm
+binutils-devel-2.41-4.azl3.aarch64.rpm
 bison-3.8.2-1.azl3.aarch64.rpm
 bison-debuginfo-3.8.2-1.azl3.aarch64.rpm
 bzip2-1.0.8-1.azl3.aarch64.rpm

diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -30,10 +30,10 @@ bash-5.2.15-3.azl3.x86_64.rpm
 bash-debuginfo-5.2.15-3.azl3.x86_64.rpm
 bash-devel-5.2.15-3.azl3.x86_64.rpm
 bash-lang-5.2.15-3.azl3.x86_64.rpm
-binutils-2.41-3.azl3.x86_64.rpm
-binutils-aarch64-linux-gnu-2.41-3.azl3.x86_64.rpm
-binutils-debuginfo-2.41-3.azl3.x86_64.rpm
-binutils-devel-2.41-3.azl3.x86_64.rpm
+binutils-2.41-4.azl3.x86_64.rpm
+binutils-aarch64-linux-gnu-2.41-4.azl3.x86_64.rpm
+binutils-debuginfo-2.41-4.azl3.x86_64.rpm
+binutils-devel-2.41-4.azl3.x86_64.rpm
 bison-3.8.2-1.azl3.x86_64.rpm
 bison-debuginfo-3.8.2-1.azl3.x86_64.rpm
 bzip2-1.0.8-1.azl3.x86_64.rpm
@@ -68,7 +68,7 @@ cracklib-lang-2.9.11-1.azl3.x86_64.rpm
 createrepo_c-1.0.3-1.azl3.x86_64.rpm
 createrepo_c-debuginfo-1.0.3-1.azl3.x86_64.rpm
 createrepo_c-devel-1.0.3-1.azl3.x86_64.rpm
-cross-binutils-common-2.41-3.azl3.noarch.rpm
+cross-binutils-common-2.41-4.azl3.noarch.rpm
 cross-gcc-common-13.2.0-7.azl3.noarch.rpm
 curl-8.8.0-4.azl3.x86_64.rpm
 curl-debuginfo-8.8.0-4.azl3.x86_64.rpm