diff options
author | Thiruvadi Rajaraman <trajaraman@mvista.com> | 2017-09-21 19:42:19 +0530 |
---|---|---|
committer | Armin Kuster <akuster@mvista.com> | 2017-11-23 17:40:49 -0800 |
commit | 903ac6a82bf4b216d86b5a8a22e27989420c9ad1 (patch) | |
tree | 3c54bb15966415f97e9e4f1a424eec16eaf98369 | |
parent | ce8a36aea9d084a57871a91787f8b9e0225914f6 (diff) | |
download | meta-openembedded-contrib-903ac6a82bf4b216d86b5a8a22e27989420c9ad1.tar.gz |
binutils: CVE-2017-9954
Source: binutils-gdb.git
MR: 73906
Type: Security Fix
Disposition: Backport from binutils-2_29
ChangeID: 13858130a02bbe84744fd33ecbf2bbbd2360c09c
Description:
Fix address violation parsing a corrupt texhex format file.
PR binutils/21670
* tekhex.c (getvalue): Check for the source pointer exceeding the
end pointer before the first byte is read.
Affects: <= 2.28
Author: Nick Clifton <nickc@redhat.com>
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.27.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-9954.patch | 58 |
2 files changed, 59 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc index f51ca4e897..fdc1252c23 100644 --- a/meta/recipes-devtools/binutils/binutils-2.27.inc +++ b/meta/recipes-devtools/binutils/binutils-2.27.inc @@ -90,6 +90,7 @@ SRC_URI = "\ file://CVE-2017-9755_2.patch \ file://CVE-2017-9756.patch \ file://CVE-2017-9745.patch \ + file://CVE-2017-9954.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9954.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9954.patch new file mode 100644 index 0000000000..26515721e3 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9954.patch @@ -0,0 +1,58 @@ +commit 04e15b4a9462cb1ae819e878a6009829aab8020b +Author: Nick Clifton <nickc@redhat.com> +Date: Mon Jun 26 15:46:34 2017 +0100 + + Fix address violation parsing a corrupt texhex format file. + + PR binutils/21670 + * tekhex.c (getvalue): Check for the source pointer exceeding the + end pointer before the first byte is read. + +Upstream-Status: Backport + +CVE: CVE-2017-9954 +Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> + +Index: git/bfd/tekhex.c +=================================================================== +--- git.orig/bfd/tekhex.c 2017-09-21 16:19:42.570877476 +0530 ++++ git/bfd/tekhex.c 2017-09-21 16:20:06.878964516 +0530 +@@ -273,6 +273,9 @@ + bfd_vma value = 0; + unsigned int len; + ++ if (src >= endp) ++ return FALSE; ++ + if (!ISHEX (*src)) + return FALSE; + +@@ -514,9 +517,10 @@ + /* To the front of the file. */ + if (bfd_seek (abfd, (file_ptr) 0, SEEK_SET) != 0) + return FALSE; ++ + while (! is_eof) + { +- char src[MAXCHUNK]; ++ static char src[MAXCHUNK]; + char type; + + /* Find first '%'. */ +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog 2017-09-21 16:20:06.822964309 +0530 ++++ git/bfd/ChangeLog 2017-09-21 16:22:29.383577439 +0530 +@@ -55,6 +55,12 @@ + correct magic bytes at the start, set the error to wrong format + and clear the format selector before returning NULL. + ++2017-06-26 Nick Clifton <nickc@redhat.com> ++ ++ PR binutils/21670 ++ * tekhex.c (getvalue): Check for the source pointer exceeding the ++ end pointer before the first byte is read. ++ + 2017-06-21 Nick Clifton <nickc@redhat.com> + + PR binutils/21637 |