aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorThiruvadi Rajaraman <trajaraman@mvista.com>2017-09-21 19:42:19 +0530
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-01-07 17:09:48 +0000
commit162fce9416dcde1a0b7edfbf772fa6e6e18c46a4 (patch)
tree3b10e1a2fe70c4bc99897c4ae0b9956f5e64b417
parentf8542a9cf50c8001f675f68e42234c306d8ce1e7 (diff)
downloadopenembedded-core-contrib-162fce9416dcde1a0b7edfbf772fa6e6e18c46a4.tar.gz
binutils: CVE-2017-9954
Source: binutils-gdb.git MR: 73906 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: 13858130a02bbe84744fd33ecbf2bbbd2360c09c Description: Fix address violation parsing a corrupt texhex format file. PR binutils/21670 * tekhex.c (getvalue): Check for the source pointer exceeding the end pointer before the first byte is read. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r--meta/recipes-devtools/binutils/binutils-2.27.inc1
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9954.patch58
2 files changed, 59 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc
index f51ca4e897..fdc1252c23 100644
--- a/meta/recipes-devtools/binutils/binutils-2.27.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -90,6 +90,7 @@ SRC_URI = "\
file://CVE-2017-9755_2.patch \
file://CVE-2017-9756.patch \
file://CVE-2017-9745.patch \
+ file://CVE-2017-9954.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9954.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9954.patch
new file mode 100644
index 0000000000..26515721e3
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9954.patch
@@ -0,0 +1,58 @@
+commit 04e15b4a9462cb1ae819e878a6009829aab8020b
+Author: Nick Clifton <nickc@redhat.com>
+Date: Mon Jun 26 15:46:34 2017 +0100
+
+ Fix address violation parsing a corrupt texhex format file.
+
+ PR binutils/21670
+ * tekhex.c (getvalue): Check for the source pointer exceeding the
+ end pointer before the first byte is read.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9954
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/tekhex.c
+===================================================================
+--- git.orig/bfd/tekhex.c 2017-09-21 16:19:42.570877476 +0530
++++ git/bfd/tekhex.c 2017-09-21 16:20:06.878964516 +0530
+@@ -273,6 +273,9 @@
+ bfd_vma value = 0;
+ unsigned int len;
+
++ if (src >= endp)
++ return FALSE;
++
+ if (!ISHEX (*src))
+ return FALSE;
+
+@@ -514,9 +517,10 @@
+ /* To the front of the file. */
+ if (bfd_seek (abfd, (file_ptr) 0, SEEK_SET) != 0)
+ return FALSE;
++
+ while (! is_eof)
+ {
+- char src[MAXCHUNK];
++ static char src[MAXCHUNK];
+ char type;
+
+ /* Find first '%'. */
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-21 16:20:06.822964309 +0530
++++ git/bfd/ChangeLog 2017-09-21 16:22:29.383577439 +0530
+@@ -55,6 +55,12 @@
+ correct magic bytes at the start, set the error to wrong format
+ and clear the format selector before returning NULL.
+
++2017-06-26 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21670
++ * tekhex.c (getvalue): Check for the source pointer exceeding the
++ end pointer before the first byte is read.
++
+ 2017-06-21 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21637