binutils: CVE-2017-9755

Source: binutils-gdb.git MR: 73932 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: 49ad5f3244cd51ee6714c1b60cc1c3f84d7de7c8 Description: i386-dis: Add 2 tests with invalid bnd register PR binutils/21594 * testsuite/gas/i386/mpx.s: Add 2 tests with invalid bnd register. * testsuite/gas/i386/x86-64-mpx.s: Likewise. * testsuite/gas/i386/mpx.d: Updated. * testsuite/gas/i386/x86-64-mpx.d: Likewise. i386-dis: Check valid bnd register Since there are only 4 bnd registers, return "(bad)" for register number > 3. PR binutils/21594 * i386-dis.c (OP_E_register): Check valid bnd register. (OP_G): Likewise. Affects: <= 2.28 Author: H.J. Lu <hjl.tools@gmail.com> (From OE-Core rev: 98b66508f8b382f047d12df430b6e812a9336ab9) Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Thiruvadi Rajaraman <trajaraman@mvista.com> 2017-09-21 19:32:24 +0530
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-01-07 17:10:08 +0000
commit: 1e97a1e6619a2fcb11b77eb117a79edeb552d66c (patch)
tree: 9c123d080eee5354247a4b46b3a066be21f28bac /meta/recipes-devtools/binutils/binutils/CVE-2017-9755_1.patch
parent: 5f6bb8fe3d884e8f272f3aca2486d0f68e384977 (diff)
download: poky-1e97a1e6619a2fcb11b77eb117a79edeb552d66c.tar.gz
1 files changed, 60 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9755_1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9755_1.patch
new file mode 100644
index 0000000000..3ad32189b1
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9755_1.patch
@@ -0,0 +1,60 @@
+commit 0d96e4df4812c3bad77c229dfef47a9bc115ac12
+Author: H.J. Lu <hjl.tools@gmail.com>
+Date:   Thu Jun 15 06:40:17 2017 -0700
+    i386-dis: Check valid bnd register
+    
+    Since there are only 4 bnd registers, return "(bad)" for register
+    number > 3.
+    
+        PR binutils/21594
+        * i386-dis.c (OP_E_register): Check valid bnd register.
+        (OP_G): Likewise.
+Upstream-Status: Backport
+CVE: CVE-2017-9755
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+Index: git/opcodes/i386-dis.c
+===================================================================
+--- git.orig/opcodes/i386-dis.c 2017-09-21 15:38:46.907182525 +0530
+++ git/opcodes/i386-dis.c      2017-09-21 15:38:54.703174976 +0530
+@@ -15211,6 +15211,11 @@
+       names = address_mode == mode_64bit ? names64 : names32;
+       break;
+     case bnd_mode:
+      if (reg > 0x3)
+       {
+         oappend ("(bad)");
+         return;
+       }
+       names = names_bnd;
+       break;
+     case indir_v_mode:
+@@ -15751,6 +15756,11 @@
+       oappend (names64[modrm.reg + add]);
+       break;
+     case bnd_mode:
+      if (modrm.reg > 0x3)
+       {
+         oappend ("(bad)");
+         return;
+       }
+       oappend (names_bnd[modrm.reg]);
+       break;
+     case v_mode:
+Index: git/opcodes/ChangeLog
+===================================================================
+--- git.orig/opcodes/ChangeLog  2017-09-21 15:38:54.531175122 +0530
+++ git/opcodes/ChangeLog       2017-09-21 15:45:32.264491166 +0530
+@@ -1,3 +1,9 @@
+2017-06-15  H.J. Lu  <hongjiu.lu@intel.com>
+
+       PR binutils/21594
+       * i386-dis.c (OP_E_register): Check valid bnd register.
+       (OP_G): Likewise.
+
+ 2017-06-15  Nick Clifton  <nickc@redhat.com>
+ 
+        PR binutils/21586
author	Thiruvadi Rajaraman <trajaraman@mvista.com>	2017-09-21 19:32:24 +0530
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-01-07 17:10:08 +0000
commit	1e97a1e6619a2fcb11b77eb117a79edeb552d66c (patch)
tree	9c123d080eee5354247a4b46b3a066be21f28bac /meta/recipes-devtools/binutils/binutils/CVE-2017-9755_1.patch
parent	5f6bb8fe3d884e8f272f3aca2486d0f68e384977 (diff)
download	poky-1e97a1e6619a2fcb11b77eb117a79edeb552d66c.tar.gz

diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9755_1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9755_1.patch new file mode 100644 index 0000000000..3ad32189b1 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9755_1.patch
@@ -0,0 +1,60 @@
	1	commit 0d96e4df4812c3bad77c229dfef47a9bc115ac12
	2	Author: H.J. Lu <hjl.tools@gmail.com>
	3	Date: Thu Jun 15 06:40:17 2017 -0700
	4
	5	i386-dis: Check valid bnd register
	6
	7	Since there are only 4 bnd registers, return "(bad)" for register
	8	number > 3.
	9
	10	PR binutils/21594
	11	* i386-dis.c (OP_E_register): Check valid bnd register.
	12	(OP_G): Likewise.
	13
	14	Upstream-Status: Backport
	15
	16	CVE: CVE-2017-9755
	17	Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
	18
	19	Index: git/opcodes/i386-dis.c
	20	===================================================================
	21	--- git.orig/opcodes/i386-dis.c 2017-09-21 15:38:46.907182525 +0530
	22	+++ git/opcodes/i386-dis.c 2017-09-21 15:38:54.703174976 +0530
	23	@@ -15211,6 +15211,11 @@
	24	names = address_mode == mode_64bit ? names64 : names32;
	25	break;
	26	case bnd_mode:
	27	+ if (reg > 0x3)
	28	+ {
	29	+ oappend ("(bad)");
	30	+ return;
	31	+ }
	32	names = names_bnd;
	33	break;
	34	case indir_v_mode:
	35	@@ -15751,6 +15756,11 @@
	36	oappend (names64[modrm.reg + add]);
	37	break;
	38	case bnd_mode:
	39	+ if (modrm.reg > 0x3)
	40	+ {
	41	+ oappend ("(bad)");
	42	+ return;
	43	+ }
	44	oappend (names_bnd[modrm.reg]);
	45	break;
	46	case v_mode:
	47	Index: git/opcodes/ChangeLog
	48	===================================================================
	49	--- git.orig/opcodes/ChangeLog 2017-09-21 15:38:54.531175122 +0530
	50	+++ git/opcodes/ChangeLog 2017-09-21 15:45:32.264491166 +0530
	51	@@ -1,3 +1,9 @@
	52	+2017-06-15 H.J. Lu <hongjiu.lu@intel.com>
	53	+
	54	+ PR binutils/21594
	55	+ * i386-dis.c (OP_E_register): Check valid bnd register.
	56	+ (OP_G): Likewise.
	57	+
	58	2017-06-15 Nick Clifton <nickc@redhat.com>
	59
	60	PR binutils/21586