binutls: Security fix for CVE-2017-9753

Affects: <= 2.28 (From OE-Core rev: 02e45129712d7629bfbe3675ed8e735f66ae6301) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster808@gmail.com> 2017-11-26 16:30:28 -0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-12-11 22:02:59 +0000
commit: e6b8c7e0983691ae4b730864aade6ef83554d740 (patch)
tree: 67e658022298adf0bb47c90980ab15b857653b2b
parent: 9d446c19382e23871a098887d181fcb80d775e53 (diff)
download: poky-e6b8c7e0983691ae4b730864aade6ef83554d740.tar.gz
2 files changed, 80 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc b/meta/recipes-devtools/binutils/binutils-2.28.inc
index 68d21c8829..c6ef6478aa 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -64,6 +64,7 @@ SRC_URI = "\
     file://CVE-2017-9750.patch \
     file://CVE-2017-9751.patch \
     file://CVE-2017-9752.patch \
+     file://CVE-2017-9753.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9753.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9753.patch
new file mode 100644
index 0000000000..241142b570
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9753.patch
@@ -0,0 +1,79 @@
+From 04f963fd489cae724a60140e13984415c205f4ac Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 14 Jun 2017 10:35:16 +0100
+Subject: [PATCH] Fix seg-faults in objdump when disassembling a corrupt
+ versados binary.
+        PR binutils/21591
+        * versados.c (versados_mkobject): Zero the allocated tdata structure.
+        (process_otr): Check for an invalid offset in the otr structure.
+Upstream-Status: Backport
+CVE: CVE-2017-9753
+CVE: CVE-2017-9754
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ bfd/ChangeLog  |  6 ++++++
+ bfd/versados.c | 12 ++++++++----
+ 2 files changed, 14 insertions(+), 4 deletions(-)
+Index: git/bfd/versados.c
+===================================================================
+--- git.orig/bfd/versados.c
+++ git/bfd/versados.c
+@@ -149,7 +149,7 @@ versados_mkobject (bfd *abfd)
+   if (abfd->tdata.versados_data == NULL)
+     {
+       bfd_size_type amt = sizeof (tdata_type);
+-      tdata_type *tdata = bfd_alloc (abfd, amt);
+      tdata_type *tdata = bfd_zalloc (abfd, amt);
+ 
+       if (tdata == NULL)
+        return FALSE;
+@@ -345,13 +345,13 @@ reloc_howto_type versados_howto_table[]
+ };
+ 
+ static int
+-get_offset (int len, unsigned char *ptr)
+get_offset (unsigned int len, unsigned char *ptr)
+ {
+   int val = 0;
+ 
+   if (len)
+     {
+-      int i;
+      unsigned int i;
+ 
+       val = *ptr++;
+       if (val & 0x80)
+@@ -394,9 +394,13 @@ process_otr (bfd *abfd, struct ext_otr *
+          int flag = *srcp++;
+          int esdids = (flag >> 5) & 0x7;
+          int sizeinwords = ((flag >> 3) & 1) ? 2 : 1;
+-         int offsetlen = flag & 0x7;
+         unsigned int offsetlen = flag & 0x7;
+          int j;
+ 
+         /* PR 21591: Check for invalid lengths.  */
+         if (srcp + esdids + offsetlen >= endp)
+           return;
+
+          if (esdids == 0)
+            {
+              /* A zero esdid means the new pc is the offset given.  */
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
+++ git/bfd/ChangeLog
+@@ -8,6 +8,10 @@
+        (ieee_archive_p): Likewise.
+ 
+ 2017-06-14  Nick Clifton  <nickc@redhat.com>
+
+       PR binutils/21591
+       * versados.c (versados_mkobject): Zero the allocated tdata structure.
+       (process_otr): Check for an invalid offset in the otr structure.
+  
+        PR binutils/21589
+        * vms-alpha.c (_bfd_vms_get_value): Add an extra parameter - the
author	Armin Kuster <akuster808@gmail.com>	2017-11-26 16:30:28 -0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-12-11 22:02:59 +0000
commit	e6b8c7e0983691ae4b730864aade6ef83554d740 (patch)
tree	67e658022298adf0bb47c90980ab15b857653b2b
parent	9d446c19382e23871a098887d181fcb80d775e53 (diff)
download	poky-e6b8c7e0983691ae4b730864aade6ef83554d740.tar.gz

diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc b/meta/recipes-devtools/binutils/binutils-2.28.inc index 68d21c8829..c6ef6478aa 100644 --- a/meta/recipes-devtools/binutils/binutils-2.28.inc +++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -64,6 +64,7 @@ SRC_URI = "\
64	file://CVE-2017-9750.patch \	64	file://CVE-2017-9750.patch \
65	file://CVE-2017-9751.patch \	65	file://CVE-2017-9751.patch \
66	file://CVE-2017-9752.patch \	66	file://CVE-2017-9752.patch \
		67	file://CVE-2017-9753.patch \
67	"	68	"
68	S = "${WORKDIR}/git"	69	S = "${WORKDIR}/git"
69		70


diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9753.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9753.patch new file mode 100644 index 0000000000..241142b570 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9753.patch
@@ -0,0 +1,79 @@
		1	From 04f963fd489cae724a60140e13984415c205f4ac Mon Sep 17 00:00:00 2001
		2	From: Nick Clifton <nickc@redhat.com>
		3	Date: Wed, 14 Jun 2017 10:35:16 +0100
		4	Subject: [PATCH] Fix seg-faults in objdump when disassembling a corrupt
		5	versados binary.
		6
		7	PR binutils/21591
		8	* versados.c (versados_mkobject): Zero the allocated tdata structure.
		9	(process_otr): Check for an invalid offset in the otr structure.
		10
		11	Upstream-Status: Backport
		12	CVE: CVE-2017-9753
		13	CVE: CVE-2017-9754
		14	Signed-off-by: Armin Kuster <akuster@mvista.com>
		15
		16	---
		17	bfd/ChangeLog \| 6 ++++++
		18	bfd/versados.c \| 12 ++++++++----
		19	2 files changed, 14 insertions(+), 4 deletions(-)
		20
		21	Index: git/bfd/versados.c
		22	===================================================================
		23	--- git.orig/bfd/versados.c
		24	+++ git/bfd/versados.c
		25	@@ -149,7 +149,7 @@ versados_mkobject (bfd *abfd)
		26	if (abfd->tdata.versados_data == NULL)
		27	{
		28	bfd_size_type amt = sizeof (tdata_type);
		29	- tdata_type *tdata = bfd_alloc (abfd, amt);
		30	+ tdata_type *tdata = bfd_zalloc (abfd, amt);
		31
		32	if (tdata == NULL)
		33	return FALSE;
		34	@@ -345,13 +345,13 @@ reloc_howto_type versados_howto_table[]
		35	};
		36
		37	static int
		38	-get_offset (int len, unsigned char *ptr)
		39	+get_offset (unsigned int len, unsigned char *ptr)
		40	{
		41	int val = 0;
		42
		43	if (len)
		44	{
		45	- int i;
		46	+ unsigned int i;
		47
		48	val = *ptr++;
		49	if (val & 0x80)
		50	@@ -394,9 +394,13 @@ process_otr (bfd abfd, struct ext_otr
		51	int flag = *srcp++;
		52	int esdids = (flag >> 5) & 0x7;
		53	int sizeinwords = ((flag >> 3) & 1) ? 2 : 1;
		54	- int offsetlen = flag & 0x7;
		55	+ unsigned int offsetlen = flag & 0x7;
		56	int j;
		57
		58	+ /* PR 21591: Check for invalid lengths. */
		59	+ if (srcp + esdids + offsetlen >= endp)
		60	+ return;
		61	+
		62	if (esdids == 0)
		63	{
		64	/* A zero esdid means the new pc is the offset given. */
		65	Index: git/bfd/ChangeLog
		66	===================================================================
		67	--- git.orig/bfd/ChangeLog
		68	+++ git/bfd/ChangeLog
		69	@@ -8,6 +8,10 @@
		70	(ieee_archive_p): Likewise.
		71
		72	2017-06-14 Nick Clifton <nickc@redhat.com>
		73	+
		74	+ PR binutils/21591
		75	+ * versados.c (versados_mkobject): Zero the allocated tdata structure.
		76	+ (process_otr): Check for an invalid offset in the otr structure.
		77
		78	PR binutils/21589
		79	* vms-alpha.c (_bfd_vms_get_value): Add an extra parameter - the