nasm: fix CVE-2018-1000667

Since the latest nasm is 2.14rc16 (not formal release), so backport a patch to 2.13 to fix CVE-2018-1000667. (From OE-Core rev: 024b395425c95a08c881d922c310be78ffad483a) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Hongxu Jia <hongxu.jia@windriver.com> 2018-10-23 04:35:06 -0400
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-11-07 23:08:54 +0000
commit: 68b68dc28a08acf90ca5646be501e8dd2a87bc3a (patch)
tree: 46c07cc26faa62f79c4036b0a2354b585d7cc358
parent: 886922a0b3636c5809b526afb5496679c1196f4d (diff)
download: poky-68b68dc28a08acf90ca5646be501e8dd2a87bc3a.tar.gz
2 files changed, 38 insertions, 0 deletions
diff --git a/meta/recipes-devtools/nasm/nasm/0001-preproc-parse_size-Check-for-string-provided.patch b/meta/recipes-devtools/nasm/nasm/0001-preproc-parse_size-Check-for-string-provided.patch
new file mode 100644
index 0000000000..2121fd17f3
--- /dev/null
+++ b/meta/recipes-devtools/nasm/nasm/0001-preproc-parse_size-Check-for-string-provided.patch
@@ -0,0 +1,37 @@
+From a2f43331a853b7cc449cae3361ee1fb54c7fad8d Mon Sep 17 00:00:00 2001
+From: Cyrill Gorcunov <gorcunov@gmail.com>
+Date: Sat, 29 Sep 2018 14:30:14 +0300
+Subject: [PATCH] preproc: parse_size -- Check for string provided
+In case if the string is nil we will have sigsegv.
+https://bugzilla.nasm.us/show_bug.cgi?id=3392507
+Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
+CVE: CVE-2018-1000667
+Upstream-Status: Backport
+https://repo.or.cz/nasm/nasm.git/commit/c713b5f994cf7b29164c3b6838b91f0499591434
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ asm/preproc.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+diff --git a/asm/preproc.c b/asm/preproc.c
+index 475926d..1d770a5 100644
+--- a/asm/preproc.c
+++ b/asm/preproc.c
+@@ -2216,8 +2216,7 @@ static int parse_size(const char *str) {
+         { "byte", "dword", "oword", "qword", "tword", "word", "yword" };
+     static const int sizes[] =
+         { 0, 1, 4, 16, 8, 10, 2, 32 };
+-
+-    return sizes[bsii(str, size_names, ARRAY_SIZE(size_names))+1];
+    return str ? sizes[bsii(str, size_names, ARRAY_SIZE(size_names))+1] : 0;
+ }
+ 
+ /*
+-- 
+2.8.1
diff --git a/meta/recipes-devtools/nasm/nasm_2.13.03.bb b/meta/recipes-devtools/nasm/nasm_2.13.03.bb
index 730db1d8c2..de4c55446a 100644
--- a/meta/recipes-devtools/nasm/nasm_2.13.03.bb
+++ b/meta/recipes-devtools/nasm/nasm_2.13.03.bb
@@ -9,6 +9,7 @@ SRC_URI = "http://www.nasm.us/pub/nasm/releasebuilds/${PV}/nasm-${PV}.tar.bz2 \
           file://0001-fix-CVE-2018-8882.patch \
           file://0001-Verify-that-we-are-not-reading-past-end-of-a-buffer.patch \
           file://0001-eval-Eliminate-division-by-zero.patch \
+           file://0001-preproc-parse_size-Check-for-string-provided.patch \
           "
 SRC_URI[md5sum] = "0c581d482f39d5111879ca9601938f74"
author	Hongxu Jia <hongxu.jia@windriver.com>	2018-10-23 04:35:06 -0400
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-11-07 23:08:54 +0000
commit	68b68dc28a08acf90ca5646be501e8dd2a87bc3a (patch)
tree	46c07cc26faa62f79c4036b0a2354b585d7cc358
parent	886922a0b3636c5809b526afb5496679c1196f4d (diff)
download	poky-68b68dc28a08acf90ca5646be501e8dd2a87bc3a.tar.gz

diff --git a/meta/recipes-devtools/nasm/nasm/0001-preproc-parse_size-Check-for-string-provided.patch b/meta/recipes-devtools/nasm/nasm/0001-preproc-parse_size-Check-for-string-provided.patch new file mode 100644 index 0000000000..2121fd17f3 --- /dev/null +++ b/meta/recipes-devtools/nasm/nasm/0001-preproc-parse_size-Check-for-string-provided.patch
@@ -0,0 +1,37 @@
		1	From a2f43331a853b7cc449cae3361ee1fb54c7fad8d Mon Sep 17 00:00:00 2001
		2	From: Cyrill Gorcunov <gorcunov@gmail.com>
		3	Date: Sat, 29 Sep 2018 14:30:14 +0300
		4	Subject: [PATCH] preproc: parse_size -- Check for string provided
		5
		6	In case if the string is nil we will have sigsegv.
		7
		8	https://bugzilla.nasm.us/show_bug.cgi?id=3392507
		9
		10	Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
		11
		12	CVE: CVE-2018-1000667
		13	Upstream-Status: Backport
		14	https://repo.or.cz/nasm/nasm.git/commit/c713b5f994cf7b29164c3b6838b91f0499591434
		15
		16	Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
		17	---
		18	asm/preproc.c \| 3 +--
		19	1 file changed, 1 insertion(+), 2 deletions(-)
		20
		21	diff --git a/asm/preproc.c b/asm/preproc.c
		22	index 475926d..1d770a5 100644
		23	--- a/asm/preproc.c
		24	+++ b/asm/preproc.c
		25	@@ -2216,8 +2216,7 @@ static int parse_size(const char *str) {
		26	{ "byte", "dword", "oword", "qword", "tword", "word", "yword" };
		27	static const int sizes[] =
		28	{ 0, 1, 4, 16, 8, 10, 2, 32 };
		29	-
		30	- return sizes[bsii(str, size_names, ARRAY_SIZE(size_names))+1];
		31	+ return str ? sizes[bsii(str, size_names, ARRAY_SIZE(size_names))+1] : 0;
		32	}
		33
		34	/*
		35	--
		36	2.8.1
		37


diff --git a/meta/recipes-devtools/nasm/nasm_2.13.03.bb b/meta/recipes-devtools/nasm/nasm_2.13.03.bb index 730db1d8c2..de4c55446a 100644 --- a/meta/recipes-devtools/nasm/nasm_2.13.03.bb +++ b/meta/recipes-devtools/nasm/nasm_2.13.03.bb
@@ -9,6 +9,7 @@ SRC_URI = "http://www.nasm.us/pub/nasm/releasebuilds/${PV}/nasm-${PV}.tar.bz2 \
9	file://0001-fix-CVE-2018-8882.patch \	9	file://0001-fix-CVE-2018-8882.patch \
10	file://0001-Verify-that-we-are-not-reading-past-end-of-a-buffer.patch \	10	file://0001-Verify-that-we-are-not-reading-past-end-of-a-buffer.patch \
11	file://0001-eval-Eliminate-division-by-zero.patch \	11	file://0001-eval-Eliminate-division-by-zero.patch \
		12	file://0001-preproc-parse_size-Check-for-string-provided.patch \
12	"	13	"
13		14
14	SRC_URI[md5sum] = "0c581d482f39d5111879ca9601938f74"	15	SRC_URI[md5sum] = "0c581d482f39d5111879ca9601938f74"