diff options
Diffstat (limited to 'meta/recipes-devtools')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.27.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-9753_9754.patch | 76 |
2 files changed, 77 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc index 54fb5d61c3..2b35cb154d 100644 --- a/meta/recipes-devtools/binutils/binutils-2.27.inc +++ b/meta/recipes-devtools/binutils/binutils-2.27.inc | |||
@@ -85,6 +85,7 @@ SRC_URI = "\ | |||
85 | file://CVE-2017-9747.patch \ | 85 | file://CVE-2017-9747.patch \ |
86 | file://CVE-2017-9750.patch \ | 86 | file://CVE-2017-9750.patch \ |
87 | file://CVE-2017-9752.patch \ | 87 | file://CVE-2017-9752.patch \ |
88 | file://CVE-2017-9753_9754.patch \ | ||
88 | " | 89 | " |
89 | S = "${WORKDIR}/git" | 90 | S = "${WORKDIR}/git" |
90 | 91 | ||
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9753_9754.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9753_9754.patch new file mode 100644 index 0000000000..fe1f9a100d --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9753_9754.patch | |||
@@ -0,0 +1,76 @@ | |||
1 | commit 04f963fd489cae724a60140e13984415c205f4ac | ||
2 | Author: Nick Clifton <nickc@redhat.com> | ||
3 | Date: Wed Jun 14 10:35:16 2017 +0100 | ||
4 | |||
5 | Fix seg-faults in objdump when disassembling a corrupt versados binary. | ||
6 | |||
7 | PR binutils/21591 | ||
8 | * versados.c (versados_mkobject): Zero the allocated tdata structure. | ||
9 | (process_otr): Check for an invalid offset in the otr structure. | ||
10 | |||
11 | Upstream-Status: Backport | ||
12 | |||
13 | CVE: CVE-2017-9753 and CVE-2017-9754 | ||
14 | Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> | ||
15 | |||
16 | Index: git/bfd/versados.c | ||
17 | =================================================================== | ||
18 | --- git.orig/bfd/versados.c 2017-09-21 15:08:34.445197987 +0530 | ||
19 | +++ git/bfd/versados.c 2017-09-21 15:08:34.429197878 +0530 | ||
20 | @@ -149,7 +149,7 @@ | ||
21 | if (abfd->tdata.versados_data == NULL) | ||
22 | { | ||
23 | bfd_size_type amt = sizeof (tdata_type); | ||
24 | - tdata_type *tdata = bfd_alloc (abfd, amt); | ||
25 | + tdata_type *tdata = bfd_zalloc (abfd, amt); | ||
26 | |||
27 | if (tdata == NULL) | ||
28 | return FALSE; | ||
29 | @@ -344,13 +344,13 @@ | ||
30 | }; | ||
31 | |||
32 | static int | ||
33 | -get_offset (int len, unsigned char *ptr) | ||
34 | +get_offset (unsigned int len, unsigned char *ptr) | ||
35 | { | ||
36 | int val = 0; | ||
37 | |||
38 | if (len) | ||
39 | { | ||
40 | - int i; | ||
41 | + unsigned int i; | ||
42 | |||
43 | val = *ptr++; | ||
44 | if (val & 0x80) | ||
45 | @@ -393,9 +393,13 @@ | ||
46 | int flag = *srcp++; | ||
47 | int esdids = (flag >> 5) & 0x7; | ||
48 | int sizeinwords = ((flag >> 3) & 1) ? 2 : 1; | ||
49 | - int offsetlen = flag & 0x7; | ||
50 | + unsigned int offsetlen = flag & 0x7; | ||
51 | int j; | ||
52 | |||
53 | + /* PR 21591: Check for invalid lengths. */ | ||
54 | + if (srcp + esdids + offsetlen >= endp) | ||
55 | + return; | ||
56 | + | ||
57 | if (esdids == 0) | ||
58 | { | ||
59 | /* A zero esdid means the new pc is the offset given. */ | ||
60 | Index: git/bfd/ChangeLog | ||
61 | =================================================================== | ||
62 | --- git.orig/bfd/ChangeLog 2017-09-21 15:08:34.445197987 +0530 | ||
63 | +++ git/bfd/ChangeLog 2017-09-21 15:08:34.429197878 +0530 | ||
64 | @@ -90,6 +90,12 @@ | ||
65 | (_bfd_vms_slurp_etir): Add checks for attempts to read beyond the | ||
66 | end of etir record. | ||
67 | |||
68 | +2017-06-14 Nick Clifton <nickc@redhat.com> | ||
69 | + | ||
70 | + PR binutils/21591 | ||
71 | + * versados.c (versados_mkobject): Zero the allocated tdata structure. | ||
72 | + (process_otr): Check for an invalid offset in the otr structure. | ||
73 | + | ||
74 | 2017-04-29 Alan Modra <amodra@gmail.com> | ||
75 | |||
76 | PR 21432 | ||