summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorYuanjie Huang <yuanjie.huang@windriver.com>2017-05-25 19:40:41 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-05-30 10:15:20 +0100
commit12f9c4ca9f75cc1186e8b4eac3aa9a1e561db4b1 (patch)
tree4f744ed26e794516fddaacd746010e6062b87274
parent02089be0163a9eadd1103b9e379396bd13c1a523 (diff)
downloadpoky-12f9c4ca9f75cc1186e8b4eac3aa9a1e561db4b1.tar.gz
binutils: fix CVE-2017-7210
CVE: CVE-2017-7210 [BZ 21157] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21157 PR binutils/21157: Fix handling of corrupt STABS enum type strings. (From OE-Core rev: d12a99cba6c9dc9e1f6bc3a7ca8057f07e9cb950) Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-devtools/binutils/binutils-2.28.inc1
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-7210.patch71
2 files changed, 72 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc b/meta/recipes-devtools/binutils/binutils-2.28.inc
index ed571b39e8..40b518bf7a 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -42,6 +42,7 @@ SRC_URI = "\
42 file://CVE-2017-6969.patch \ 42 file://CVE-2017-6969.patch \
43 file://CVE-2017-6969_2.patch \ 43 file://CVE-2017-6969_2.patch \
44 file://CVE-2017-7209.patch \ 44 file://CVE-2017-7209.patch \
45 file://CVE-2017-7210.patch \
45" 46"
46S = "${WORKDIR}/git" 47S = "${WORKDIR}/git"
47 48
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7210.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7210.patch
new file mode 100644
index 0000000000..8791792c7c
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7210.patch
@@ -0,0 +1,71 @@
1From 4da598a472e1d298825035e452e3bc68f714311c Mon Sep 17 00:00:00 2001
2From: Nick Clifton <nickc@redhat.com>
3Date: Tue, 14 Feb 2017 14:07:29 +0000
4Subject: Fix handling of corrupt STABS enum type strings.
5
6 PR binutils/21157
7 * stabs.c (parse_stab_enum_type): Check for corrupt NAME:VALUE
8 pairs.
9 (parse_number): Exit early if passed an empty string.
10
11CVE: CVE-2017-7210
12Upstream-Status: Backport [master]
13
14Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
15---
16 binutils/ChangeLog | 7 +++++++
17 binutils/stabs.c | 14 +++++++++++++-
18 2 files changed, 20 insertions(+), 1 deletion(-)
19
20diff --git a/binutils/ChangeLog b/binutils/ChangeLog
21index cf92744c12..0045fbaaa6 100644
22--- a/binutils/ChangeLog
23+++ b/binutils/ChangeLog
24@@ -1,3 +1,10 @@
25+2017-02-14 Nick Clifton <nickc@redhat.com>
26+
27+ PR binutils/21157
28+ * stabs.c (parse_stab_enum_type): Check for corrupt NAME:VALUE
29+ pairs.
30+ (parse_number): Exit early if passed an empty string.
31+
32 2017-02-13 Nick Clifton <nickc@redhat.com>
33
34 PR binutils/21135
35diff --git a/binutils/stabs.c b/binutils/stabs.c
36index f5c5d2d8e0..5d013cc361 100644
37--- a/binutils/stabs.c
38+++ b/binutils/stabs.c
39@@ -232,6 +232,10 @@ parse_number (const char **pp, bfd_boolean *poverflow)
40
41 orig = *pp;
42
43+ /* Stop early if we are passed an empty string. */
44+ if (*orig == 0)
45+ return (bfd_vma) 0;
46+
47 errno = 0;
48 ul = strtoul (*pp, (char **) pp, 0);
49 if (ul + 1 != 0 || errno == 0)
50@@ -1975,9 +1979,17 @@ parse_stab_enum_type (void *dhandle, const char **pp)
51 bfd_signed_vma val;
52
53 p = *pp;
54- while (*p != ':')
55+ while (*p != ':' && *p != 0)
56 ++p;
57
58+ if (*p == 0)
59+ {
60+ bad_stab (orig);
61+ free (names);
62+ free (values);
63+ return DEBUG_TYPE_NULL;
64+ }
65+
66 name = savestring (*pp, p - *pp);
67
68 *pp = p + 1;
69--
702.11.0
71