diff options
-rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.28.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-9753.patch | 79 |
2 files changed, 80 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc b/meta/recipes-devtools/binutils/binutils-2.28.inc index 68d21c8829..c6ef6478aa 100644 --- a/meta/recipes-devtools/binutils/binutils-2.28.inc +++ b/meta/recipes-devtools/binutils/binutils-2.28.inc | |||
@@ -64,6 +64,7 @@ SRC_URI = "\ | |||
64 | file://CVE-2017-9750.patch \ | 64 | file://CVE-2017-9750.patch \ |
65 | file://CVE-2017-9751.patch \ | 65 | file://CVE-2017-9751.patch \ |
66 | file://CVE-2017-9752.patch \ | 66 | file://CVE-2017-9752.patch \ |
67 | file://CVE-2017-9753.patch \ | ||
67 | " | 68 | " |
68 | S = "${WORKDIR}/git" | 69 | S = "${WORKDIR}/git" |
69 | 70 | ||
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9753.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9753.patch new file mode 100644 index 0000000000..241142b570 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9753.patch | |||
@@ -0,0 +1,79 @@ | |||
1 | From 04f963fd489cae724a60140e13984415c205f4ac Mon Sep 17 00:00:00 2001 | ||
2 | From: Nick Clifton <nickc@redhat.com> | ||
3 | Date: Wed, 14 Jun 2017 10:35:16 +0100 | ||
4 | Subject: [PATCH] Fix seg-faults in objdump when disassembling a corrupt | ||
5 | versados binary. | ||
6 | |||
7 | PR binutils/21591 | ||
8 | * versados.c (versados_mkobject): Zero the allocated tdata structure. | ||
9 | (process_otr): Check for an invalid offset in the otr structure. | ||
10 | |||
11 | Upstream-Status: Backport | ||
12 | CVE: CVE-2017-9753 | ||
13 | CVE: CVE-2017-9754 | ||
14 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
15 | |||
16 | --- | ||
17 | bfd/ChangeLog | 6 ++++++ | ||
18 | bfd/versados.c | 12 ++++++++---- | ||
19 | 2 files changed, 14 insertions(+), 4 deletions(-) | ||
20 | |||
21 | Index: git/bfd/versados.c | ||
22 | =================================================================== | ||
23 | --- git.orig/bfd/versados.c | ||
24 | +++ git/bfd/versados.c | ||
25 | @@ -149,7 +149,7 @@ versados_mkobject (bfd *abfd) | ||
26 | if (abfd->tdata.versados_data == NULL) | ||
27 | { | ||
28 | bfd_size_type amt = sizeof (tdata_type); | ||
29 | - tdata_type *tdata = bfd_alloc (abfd, amt); | ||
30 | + tdata_type *tdata = bfd_zalloc (abfd, amt); | ||
31 | |||
32 | if (tdata == NULL) | ||
33 | return FALSE; | ||
34 | @@ -345,13 +345,13 @@ reloc_howto_type versados_howto_table[] | ||
35 | }; | ||
36 | |||
37 | static int | ||
38 | -get_offset (int len, unsigned char *ptr) | ||
39 | +get_offset (unsigned int len, unsigned char *ptr) | ||
40 | { | ||
41 | int val = 0; | ||
42 | |||
43 | if (len) | ||
44 | { | ||
45 | - int i; | ||
46 | + unsigned int i; | ||
47 | |||
48 | val = *ptr++; | ||
49 | if (val & 0x80) | ||
50 | @@ -394,9 +394,13 @@ process_otr (bfd *abfd, struct ext_otr * | ||
51 | int flag = *srcp++; | ||
52 | int esdids = (flag >> 5) & 0x7; | ||
53 | int sizeinwords = ((flag >> 3) & 1) ? 2 : 1; | ||
54 | - int offsetlen = flag & 0x7; | ||
55 | + unsigned int offsetlen = flag & 0x7; | ||
56 | int j; | ||
57 | |||
58 | + /* PR 21591: Check for invalid lengths. */ | ||
59 | + if (srcp + esdids + offsetlen >= endp) | ||
60 | + return; | ||
61 | + | ||
62 | if (esdids == 0) | ||
63 | { | ||
64 | /* A zero esdid means the new pc is the offset given. */ | ||
65 | Index: git/bfd/ChangeLog | ||
66 | =================================================================== | ||
67 | --- git.orig/bfd/ChangeLog | ||
68 | +++ git/bfd/ChangeLog | ||
69 | @@ -8,6 +8,10 @@ | ||
70 | (ieee_archive_p): Likewise. | ||
71 | |||
72 | 2017-06-14 Nick Clifton <nickc@redhat.com> | ||
73 | + | ||
74 | + PR binutils/21591 | ||
75 | + * versados.c (versados_mkobject): Zero the allocated tdata structure. | ||
76 | + (process_otr): Check for an invalid offset in the otr structure. | ||
77 | |||
78 | PR binutils/21589 | ||
79 | * vms-alpha.c (_bfd_vms_get_value): Add an extra parameter - the | ||