author | Thiruvadi Rajaraman <trajaraman@mvista.com> | 2017-09-04 14:03:42 +0530 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-01-07 17:10:07 +0000 |
commit | a880a7f8d762cdd488ab8336cd4574cb9172bb52 (patch) | |
tree | 5cf19c93e2eeb55464e459df4af4dd0f3bc3c117 /meta/recipes-devtools/binutils | |
parent | 24a6fa61841c1f2de621b7cf41585300a69f9951 (diff) | |
binutils: CVE-2017-7227
Source: git://sourceware.org/git/binutils-gdb.git
MR: 74270
Type: Security Fix
Disposition: Backport from binutils-2_28-branch
ChangeID: e4e88f56ba13671afb5b3194ca4c1c59601e5fd5
Description:
Fix seg-fault in linker when passed a bogus input script.
PR ld/20906
* ldlex.l: Check for bogus strings in linker scripts.
Affects: <= 2.28
Author: Nick Clifton <nickc@redhat.com>
(From OE-Core rev: 650a5b69c4ae7cf91d13993225877d0187bcb65e)
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/binutils')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.27.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-7227.patch | 49 |
2 files changed, 50 insertions, 0 deletions
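--- a/meta/recipes-devtools/binutils/binutils-2.27.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -62,6 +62,7 @@ SRC_URI = "\
 file://CVE-2017-7223.patch \
 file://CVE-2017-7224.patch \
 file://CVE-2017-7225.patch \
+file://CVE-2017-7227.patch \
 "
 S = "${WORKDIR}/git"
 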
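--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7227.patch
@@ -0,0 +1,49 @@
+commit 406bd128dba2a59d0736839fc87a59bce319076c
+Author: Nick Clifton <nickc@redhat.com>
+Date: Mon Dec 5 16:00:43 2016 +0000
+
+Fix seg-fault in linker when passed a bogus input script.
+
+PR ld/20906
+* ldlex.l: Check for bogus strings in linker scripts.
+
+Upstream-Status: backport
+
+CVE: CVE-2017-7227
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/ld/ChangeLog
+===================================================================
+--- git.orig/ld/ChangeLog 2017-09-04 13:18:09.660584245 +0530
++++ git/ld/ChangeLog 2017-09-04 13:20:34.286155911 +0530
+@@ -1,3 +1,8 @@
++2016-12-05 Nick Clifton <nickc@redhat.com>
++
++ PR ld/20906
++ * ldlex.l: Check for bogus strings in linker scripts.
++
+2016-08-02 Nick Clifton <nickc@redhat.com>
+
+PR ld/17739
+Index: git/ld/ldlex.l
+===================================================================
+--- git.orig/ld/ldlex.l 2017-09-04 13:18:09.692584605 +0530
++++ git/ld/ldlex.l 2017-09-04 13:22:54.483583368 +0530
+@@ -416,9 +416,15 @@
+
+<EXPRESSION,BOTH,SCRIPT,VERS_NODE,INPUTLIST>"\""[^\"]*"\"" {
+/* No matter the state, quotes
+- give what's inside */
++ give what's inside. */
++ bfd_size_type len;
+yylval.name = xstrdup (yytext + 1);
+- yylval.name[yyleng - 2] = 0;
++ /* PR ld/20906. A corrupt input file
++ can contain bogus strings. */
++ len = strlen (yylval.name);
++ if (len > yyleng - 2)
++ len = yyleng - 2;
++ yylval.name[len] = 0;
+return NAME;
+}
+<BOTH,SCRIPT,EXPRESSION>"\n" { lineno++;}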
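Review bot: The comment added above `len = strlen (yylval.name);` in the quoted-string rule of ld/ldlex.l says only that a corrupt file can contain bogus strings, and does not record why the clamp is needed. From the visible lines, the copy made by `xstrdup (yytext + 1)` ends at the first NUL byte, so when the matched text presumably contains one the copy is shorter than `yyleng - 2` and the removed `yylval.name[yyleng - 2] = 0;` indexed past the allocation. I would state that in the comment, e.g. `/* PR ld/20906: an embedded NUL makes the xstrdup copy shorter than yyleng - 2, so never index past strlen.  */`. The same comment could note that `len > yyleng - 2` compares an unsigned `bfd_size_type` against an expression on `yyleng`, which is sound only because the pattern always matches at least the two quote characters. As this file is a backport, the wording is better raised upstream than carried as a local difference.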