From 4aff74cf1efaa18d0292644d7a3c71b98d03a549 Mon Sep 17 00:00:00 2001 From: Armin Kuster Date: Sun, 26 Nov 2017 16:32:47 -0800 Subject: binutls: Secuirty fix for CVE-2017-9756 Affects: <= 2.28 (From OE-Core rev: 59956de9ffd18d65c41697772e2b95da982cc803) Signed-off-by: Armin Kuster Signed-off-by: Richard Purdie --- meta/recipes-devtools/binutils/binutils-2.28.inc | 1 + .../binutils/binutils/CVE-2017-9756.patch | 50 ++++++++++++++++++++++ 2 files changed, 51 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2017-9756.patch (limited to 'meta/recipes-devtools/binutils') diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc b/meta/recipes-devtools/binutils/binutils-2.28.inc index b4299c8897..a2b2901b63 100644 --- a/meta/recipes-devtools/binutils/binutils-2.28.inc +++ b/meta/recipes-devtools/binutils/binutils-2.28.inc @@ -66,6 +66,7 @@ SRC_URI = "\ file://CVE-2017-9752.patch \ file://CVE-2017-9753.patch \ file://CVE-2017-9755.patch \ + file://CVE-2017-9756.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9756.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9756.patch new file mode 100644 index 0000000000..191d0be198 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9756.patch @@ -0,0 +1,50 @@ +From cd3ea7c69acc5045eb28f9bf80d923116e15e4f5 Mon Sep 17 00:00:00 2001 +From: Nick Clifton +Date: Thu, 15 Jun 2017 13:26:54 +0100 +Subject: [PATCH] Prevent address violation problem when disassembling corrupt + aarch64 binary. + + PR binutils/21595 + * aarch64-dis.c (aarch64_ext_ldst_reglist): Check for an out of + range value. + +Upstream-Status: Backport +CVE: CVE-2017-9756 +Signed-off-by: Armin Kuster + +--- + opcodes/ChangeLog | 6 ++++++ + opcodes/aarch64-dis.c | 3 +++ + 2 files changed, 9 insertions(+) + +Index: git/opcodes/ChangeLog +=================================================================== +--- git.orig/opcodes/ChangeLog ++++ git/opcodes/ChangeLog +@@ -6,6 +6,12 @@ + + 2017-06-15 Nick Clifton + ++ PR binutils/21595 ++ * aarch64-dis.c (aarch64_ext_ldst_reglist): Check for an out of ++ range value. ++ ++2017-06-15 Nick Clifton ++ + PR binutils/21588 + * rl78-decode.opc (OP_BUF_LEN): Define. + (GETBYTE): Check for the index exceeding OP_BUF_LEN. +Index: git/opcodes/aarch64-dis.c +=================================================================== +--- git.orig/opcodes/aarch64-dis.c ++++ git/opcodes/aarch64-dis.c +@@ -409,6 +409,9 @@ aarch64_ext_ldst_reglist (const aarch64_ + info->reglist.first_regno = extract_field (FLD_Rt, code, 0); + /* opcode */ + value = extract_field (FLD_opcode, code, 0); ++ /* PR 21595: Check for a bogus value. */ ++ if (value >= ARRAY_SIZE (data)) ++ return 0; + if (expected_num != data[value].num_elements || data[value].is_reserved) + return 0; + info->reglist.num_regs = data[value].num_regs; -- cgit v1.2.3-54-g00ecf