author | Yuanjie Huang <Yuanjie.Huang@windriver.com> | 2017-05-31 01:37:59 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-08-29 16:50:52 +0100 |
commit | 1188ce3e3fb6f70d9d5536e4d0e4a6ced651d8f0 (patch) | |
tree | b745fc6fcc12bbd855c3a883e4fdede359ae8390 /meta/recipes-devtools/binutils | |
parent | 5d6e240db6b0448e77248f7f110449bce9d97667 (diff) | |
download | poky-1188ce3e3fb6f70d9d5536e4d0e4a6ced651d8f0.tar.gz |
binutils: fix CVE-2017-7210
CVE: CVE-2017-7210
[BZ 21157] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21157
PR binutils/21157: Fix handling of corrupt STABS enum type strings.
(From OE-Core rev: 066a7acc4c19a4ef3428d0a7c695a2b08f45bc14)
Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/binutils')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.27.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-7210.patch | 71 |
2 files changed, 72 insertions, 0 deletions
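--- a/meta/recipes-devtools/binutils/binutils-2.27.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -44,6 +44,7 @@ SRC_URI = "\
 file://CVE-2017-6969.patch \
 file://CVE-2017-6969_2.patch \
 file://CVE-2017-7209.patch \
+file://CVE-2017-7210.patch \
 "
 S = "${WORKDIR}/git"
 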
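--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7210.patch
@@ -0,0 +1,71 @@
+From 80958b04c91edcd41c42807225a7ad1b2a4ce0e6 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 14 Feb 2017 14:07:29 +0000
+Subject: Fix handling of corrupt STABS enum type strings.
+
+PR binutils/21157
+* stabs.c (parse_stab_enum_type): Check for corrupt NAME:VALUE
+pairs.
+(parse_number): Exit early if passed an empty string.
+
+CVE: CVE-2017-7210
+Upstream-Status: Backport [master]
+
+Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
+---
+binutils/ChangeLog | 7 +++++++
+binutils/stabs.c | 14 +++++++++++++-
+2 files changed, 20 insertions(+), 1 deletion(-)
+
+diff --git a/binutils/ChangeLog b/binutils/ChangeLog
+index c4d8e60eca..2bae9ec587 100644
+--- a/binutils/ChangeLog
++++ b/binutils/ChangeLog
+@@ -1,3 +1,10 @@
++2017-02-14 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21157
++ * stabs.c (parse_stab_enum_type): Check for corrupt NAME:VALUE
++ pairs.
++ (parse_number): Exit early if passed an empty string.
++
+2017-02-13 Nick Clifton <nickc@redhat.com>
+
+PR binutils/21135
+diff --git a/binutils/stabs.c b/binutils/stabs.c
+index aebde7afe9..c425afe98e 100644
+--- a/binutils/stabs.c
++++ b/binutils/stabs.c
+@@ -232,6 +232,10 @@ parse_number (const char **pp, bfd_boolean *poverflow)
+
+orig = *pp;
+
++ /* Stop early if we are passed an empty string. */
++ if (*orig == 0)
++ return (bfd_vma) 0;
++
+errno = 0;
+ul = strtoul (*pp, (char **) pp, 0);
+if (ul + 1 != 0 || errno == 0)
+@@ -1975,9 +1979,17 @@ parse_stab_enum_type (void *dhandle, const char **pp)
+bfd_signed_vma val;
+
+p = *pp;
+- while (*p != ':')
++ while (*p != ':' && *p != 0)
+++p;
+
++ if (*p == 0)
++ {
++ bad_stab (orig);
++ free (names);
++ free (values);
++ return DEBUG_TYPE_NULL;
++ }
++
+name = savestring (*pp, p - *pp);
+
+*pp = p + 1;
+--
+2.11.0
+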
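Review bot: The error path added to parse_stab_enum_type (`if (*p == 0)`) frees the `names` and `values` arrays but not any strings already stored in `names`; `name` comes from `savestring` just below, so if earlier iterations of the enclosing loop (which starts outside this hunk) saved such strings into the array, every corrupt NAME:VALUE stab leaks them. It is a leak rather than a memory-safety issue, but this path is reached only on malformed input, so it is worth releasing the stored entries before `free (names);`, or adding a comment such as `/* NAMES entries from earlier iterations are not freed here.  */` if that is intentional. In the parse_number hunk the early return yields 0 with `*pp` unchanged, so callers still have to inspect the next character themselves to notice a truncated stab; the comment there could say so.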