diff options
| author |   Hongxu Jia <hongxu.jia@windriver.com> | 2018-10-23 04:35:06 -0400 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-11-06 11:53:26 +0000 |
| commit | 024b395425c95a08c881d922c310be78ffad483a (patch) | |
| tree | 3962036521ce59609a3c10a10ed454c61c06f2a3 | |
| parent | 2ddb3b25ed063b47d3fe2b3e9e17b7f9d0e2a7e5 (diff) | |
| download | openembedded-core-024b395425c95a08c881d922c310be78ffad483a.tar.gz | |
nasm: fix CVE-2018-1000667
Since the latest nasm is 2.14rc16 (not formal release),
so backport a patch to 2.13 to fix CVE-2018-1000667.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-devtools/nasm/nasm/0001-preproc-parse_size-Check-for-string-provided.patch | 37 | ||||
| -rw-r--r-- | meta/recipes-devtools/nasm/nasm_2.13.03.bb | 1 |
2 files changed, 38 insertions, 0 deletions
diff --git a/meta/recipes-devtools/nasm/nasm/0001-preproc-parse_size-Check-for-string-provided.patch b/meta/recipes-devtools/nasm/nasm/0001-preproc-parse_size-Check-for-string-provided.patch new file mode 100644 index 0000000000..2121fd17f3 --- /dev/null +++ b/meta/recipes-devtools/nasm/nasm/0001-preproc-parse_size-Check-for-string-provided.patch @@ -0,0 +1,37 @@ +From a2f43331a853b7cc449cae3361ee1fb54c7fad8d Mon Sep 17 00:00:00 2001 +From: Cyrill Gorcunov <gorcunov@gmail.com> +Date: Sat, 29 Sep 2018 14:30:14 +0300 +Subject: [PATCH] preproc: parse_size -- Check for string provided + +In case if the string is nil we will have sigsegv. + +https://bugzilla.nasm.us/show_bug.cgi?id=3392507 + +Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com> + +CVE: CVE-2018-1000667 +Upstream-Status: Backport +https://repo.or.cz/nasm/nasm.git/commit/c713b5f994cf7b29164c3b6838b91f0499591434 + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + asm/preproc.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/asm/preproc.c b/asm/preproc.c +index 475926d..1d770a5 100644 +--- a/asm/preproc.c ++++ b/asm/preproc.c +@@ -2216,8 +2216,7 @@ static int parse_size(const char *str) { + { "byte", "dword", "oword", "qword", "tword", "word", "yword" }; + static const int sizes[] = + { 0, 1, 4, 16, 8, 10, 2, 32 }; +- +- return sizes[bsii(str, size_names, ARRAY_SIZE(size_names))+1]; ++ return str ? sizes[bsii(str, size_names, ARRAY_SIZE(size_names))+1] : 0; + } + + /* +-- +2.8.1 + diff --git a/meta/recipes-devtools/nasm/nasm_2.13.03.bb b/meta/recipes-devtools/nasm/nasm_2.13.03.bb index 730db1d8c2..de4c55446a 100644 --- a/meta/recipes-devtools/nasm/nasm_2.13.03.bb +++ b/meta/recipes-devtools/nasm/nasm_2.13.03.bb @@ -9,6 +9,7 @@ SRC_URI = "http://www.nasm.us/pub/nasm/releasebuilds/${PV}/nasm-${PV}.tar.bz2 \ file://0001-fix-CVE-2018-8882.patch \ file://0001-Verify-that-we-are-not-reading-past-end-of-a-buffer.patch \ file://0001-eval-Eliminate-division-by-zero.patch \ + file://0001-preproc-parse_size-Check-for-string-provided.patch \ " SRC_URI[md5sum] = "0c581d482f39d5111879ca9601938f74" |