diff options
author | Yuanjie Huang <yuanjie.huang@windriver.com> | 2017-05-25 19:40:41 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-06-05 23:30:22 +0100 |
commit | fa7a1f2115035688c7ca34f3910f119becd3e9b9 (patch) | |
tree | 095c721d775fda3fb0f5508c88bebb126ec91d37 /meta/recipes-devtools | |
parent | e28778ee72e4c6508f630edeb963a4666a770165 (diff) | |
download | poky-fa7a1f2115035688c7ca34f3910f119becd3e9b9.tar.gz |
binutils: fix CVE-2017-7210
CVE: CVE-2017-7210
[BZ 21157] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21157
PR binutils/21157: Fix handling of corrupt STABS enum type strings.
(From OE-Core rev: d12a99cba6c9dc9e1f6bc3a7ca8057f07e9cb950)
(From OE-Core rev: 4ca4e781f1c62696f896d7027081f759798794aa)
Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.28.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-7210.patch | 71 |
2 files changed, 72 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc b/meta/recipes-devtools/binutils/binutils-2.28.inc index ed571b39e8..40b518bf7a 100644 --- a/meta/recipes-devtools/binutils/binutils-2.28.inc +++ b/meta/recipes-devtools/binutils/binutils-2.28.inc | |||
@@ -42,6 +42,7 @@ SRC_URI = "\ | |||
42 | file://CVE-2017-6969.patch \ | 42 | file://CVE-2017-6969.patch \ |
43 | file://CVE-2017-6969_2.patch \ | 43 | file://CVE-2017-6969_2.patch \ |
44 | file://CVE-2017-7209.patch \ | 44 | file://CVE-2017-7209.patch \ |
45 | file://CVE-2017-7210.patch \ | ||
45 | " | 46 | " |
46 | S = "${WORKDIR}/git" | 47 | S = "${WORKDIR}/git" |
47 | 48 | ||
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7210.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7210.patch new file mode 100644 index 0000000000..8791792c7c --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7210.patch | |||
@@ -0,0 +1,71 @@ | |||
1 | From 4da598a472e1d298825035e452e3bc68f714311c Mon Sep 17 00:00:00 2001 | ||
2 | From: Nick Clifton <nickc@redhat.com> | ||
3 | Date: Tue, 14 Feb 2017 14:07:29 +0000 | ||
4 | Subject: Fix handling of corrupt STABS enum type strings. | ||
5 | |||
6 | PR binutils/21157 | ||
7 | * stabs.c (parse_stab_enum_type): Check for corrupt NAME:VALUE | ||
8 | pairs. | ||
9 | (parse_number): Exit early if passed an empty string. | ||
10 | |||
11 | CVE: CVE-2017-7210 | ||
12 | Upstream-Status: Backport [master] | ||
13 | |||
14 | Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com> | ||
15 | --- | ||
16 | binutils/ChangeLog | 7 +++++++ | ||
17 | binutils/stabs.c | 14 +++++++++++++- | ||
18 | 2 files changed, 20 insertions(+), 1 deletion(-) | ||
19 | |||
20 | diff --git a/binutils/ChangeLog b/binutils/ChangeLog | ||
21 | index cf92744c12..0045fbaaa6 100644 | ||
22 | --- a/binutils/ChangeLog | ||
23 | +++ b/binutils/ChangeLog | ||
24 | @@ -1,3 +1,10 @@ | ||
25 | +2017-02-14 Nick Clifton <nickc@redhat.com> | ||
26 | + | ||
27 | + PR binutils/21157 | ||
28 | + * stabs.c (parse_stab_enum_type): Check for corrupt NAME:VALUE | ||
29 | + pairs. | ||
30 | + (parse_number): Exit early if passed an empty string. | ||
31 | + | ||
32 | 2017-02-13 Nick Clifton <nickc@redhat.com> | ||
33 | |||
34 | PR binutils/21135 | ||
35 | diff --git a/binutils/stabs.c b/binutils/stabs.c | ||
36 | index f5c5d2d8e0..5d013cc361 100644 | ||
37 | --- a/binutils/stabs.c | ||
38 | +++ b/binutils/stabs.c | ||
39 | @@ -232,6 +232,10 @@ parse_number (const char **pp, bfd_boolean *poverflow) | ||
40 | |||
41 | orig = *pp; | ||
42 | |||
43 | + /* Stop early if we are passed an empty string. */ | ||
44 | + if (*orig == 0) | ||
45 | + return (bfd_vma) 0; | ||
46 | + | ||
47 | errno = 0; | ||
48 | ul = strtoul (*pp, (char **) pp, 0); | ||
49 | if (ul + 1 != 0 || errno == 0) | ||
50 | @@ -1975,9 +1979,17 @@ parse_stab_enum_type (void *dhandle, const char **pp) | ||
51 | bfd_signed_vma val; | ||
52 | |||
53 | p = *pp; | ||
54 | - while (*p != ':') | ||
55 | + while (*p != ':' && *p != 0) | ||
56 | ++p; | ||
57 | |||
58 | + if (*p == 0) | ||
59 | + { | ||
60 | + bad_stab (orig); | ||
61 | + free (names); | ||
62 | + free (values); | ||
63 | + return DEBUG_TYPE_NULL; | ||
64 | + } | ||
65 | + | ||
66 | name = savestring (*pp, p - *pp); | ||
67 | |||
68 | *pp = p + 1; | ||
69 | -- | ||
70 | 2.11.0 | ||
71 | |||