diff options
author | Armin Kuster <akuster808@gmail.com> | 2017-11-26 16:32:47 -0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-12-11 22:01:56 +0000 |
commit | 59956de9ffd18d65c41697772e2b95da982cc803 (patch) | |
tree | fac597af5c4d2995aa4bccee3b8de6c9eb5beb42 | |
parent | 2a1da95cf865de024d278178b28e58a299526121 (diff) | |
download | openembedded-core-59956de9ffd18d65c41697772e2b95da982cc803.tar.gz |
binutls: Secuirty fix for CVE-2017-9756
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.28.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-9756.patch | 50 |
2 files changed, 51 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc b/meta/recipes-devtools/binutils/binutils-2.28.inc index b4299c8897..a2b2901b63 100644 --- a/meta/recipes-devtools/binutils/binutils-2.28.inc +++ b/meta/recipes-devtools/binutils/binutils-2.28.inc @@ -66,6 +66,7 @@ SRC_URI = "\ file://CVE-2017-9752.patch \ file://CVE-2017-9753.patch \ file://CVE-2017-9755.patch \ + file://CVE-2017-9756.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9756.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9756.patch new file mode 100644 index 0000000000..191d0be198 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9756.patch @@ -0,0 +1,50 @@ +From cd3ea7c69acc5045eb28f9bf80d923116e15e4f5 Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Thu, 15 Jun 2017 13:26:54 +0100 +Subject: [PATCH] Prevent address violation problem when disassembling corrupt + aarch64 binary. + + PR binutils/21595 + * aarch64-dis.c (aarch64_ext_ldst_reglist): Check for an out of + range value. + +Upstream-Status: Backport +CVE: CVE-2017-9756 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + opcodes/ChangeLog | 6 ++++++ + opcodes/aarch64-dis.c | 3 +++ + 2 files changed, 9 insertions(+) + +Index: git/opcodes/ChangeLog +=================================================================== +--- git.orig/opcodes/ChangeLog ++++ git/opcodes/ChangeLog +@@ -6,6 +6,12 @@ + + 2017-06-15 Nick Clifton <nickc@redhat.com> + ++ PR binutils/21595 ++ * aarch64-dis.c (aarch64_ext_ldst_reglist): Check for an out of ++ range value. ++ ++2017-06-15 Nick Clifton <nickc@redhat.com> ++ + PR binutils/21588 + * rl78-decode.opc (OP_BUF_LEN): Define. + (GETBYTE): Check for the index exceeding OP_BUF_LEN. +Index: git/opcodes/aarch64-dis.c +=================================================================== +--- git.orig/opcodes/aarch64-dis.c ++++ git/opcodes/aarch64-dis.c +@@ -409,6 +409,9 @@ aarch64_ext_ldst_reglist (const aarch64_ + info->reglist.first_regno = extract_field (FLD_Rt, code, 0); + /* opcode */ + value = extract_field (FLD_opcode, code, 0); ++ /* PR 21595: Check for a bogus value. */ ++ if (value >= ARRAY_SIZE (data)) ++ return 0; + if (expected_num != data[value].num_elements || data[value].is_reserved) + return 0; + info->reglist.num_regs = data[value].num_regs; |