diff options
author | Thiruvadi Rajaraman <trajaraman@mvista.com> | 2017-09-21 19:39:24 +0530 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-01-07 17:09:48 +0000 |
commit | f8542a9cf50c8001f675f68e42234c306d8ce1e7 (patch) | |
tree | c3346d35631305658b67bcc0a7d91a5ed3fffc0c | |
parent | f48d4c21673c16760c5a9ff51934127339234f85 (diff) | |
download | openembedded-core-contrib-f8542a9cf50c8001f675f68e42234c306d8ce1e7.tar.gz |
binutils: CVE-2017-9745
Source: binutils-gdb.git
MR: 74062
Type: Security Fix
Disposition: Backport from binutils-2_29
ChangeID: 2ec9457275509bfd8dc9185fbdcd485192a82cca
Description:
Handle EITR records in VMS Alpha binaries with overlarge command length parameters.
PR binutils/21579
* vms-alpha.c (_bfd_vms_slurp_etir): Extend check of cmd_length.
Affects: <= 2.28
Author: Nick Clifton <nickc@redhat.com>
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.27.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-9745.patch | 62 |
2 files changed, 63 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc index 70d4065a15..f51ca4e897 100644 --- a/meta/recipes-devtools/binutils/binutils-2.27.inc +++ b/meta/recipes-devtools/binutils/binutils-2.27.inc @@ -89,6 +89,7 @@ SRC_URI = "\ file://CVE-2017-9755_1.patch \ file://CVE-2017-9755_2.patch \ file://CVE-2017-9756.patch \ + file://CVE-2017-9745.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9745.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9745.patch new file mode 100644 index 0000000000..b80226f412 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9745.patch @@ -0,0 +1,62 @@ +commit 76800cba595efc3fe95a446c2d664e42ae4ee869 +Author: Nick Clifton <nickc@redhat.com> +Date: Thu Jun 15 12:08:57 2017 +0100 + + Handle EITR records in VMS Alpha binaries with overlarge command length parameters. + + PR binutils/21579 + * vms-alpha.c (_bfd_vms_slurp_etir): Extend check of cmd_length. + +Upstream-Status: CVE-2017-9745 +Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> + +Index: git/bfd/vms-alpha.c +=================================================================== +--- git.orig/bfd/vms-alpha.c 2017-09-21 16:08:57.863375204 +0530 ++++ git/bfd/vms-alpha.c 2017-09-21 16:08:58.211377888 +0530 +@@ -1801,14 +1801,8 @@ + + ptr += 4; + +-#if VMS_DEBUG +- _bfd_vms_debug (4, "etir: %s(%d)\n", +- _bfd_vms_etir_name (cmd), cmd); +- _bfd_hexdump (8, ptr, cmd_length - 4, 0); +-#endif +- +- /* PR 21589: Check for a corrupt ETIR record. */ +- if (cmd_length < 4) ++ /* PR 21589 and 21579: Check for a corrupt ETIR record. */ ++ if (cmd_length < 4 || (ptr + cmd_length > maxptr + 4)) + { + corrupt_etir: + _bfd_error_handler (_("Corrupt ETIR record encountered")); +@@ -1816,6 +1810,12 @@ + return FALSE; + } + ++#if VMS_DEBUG ++ _bfd_vms_debug (4, "etir: %s(%d)\n", ++ _bfd_vms_etir_name (cmd), cmd); ++ _bfd_hexdump (8, ptr, cmd_length - 4, 0); ++#endif ++ + switch (cmd) + { + /* Stack global +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog 2017-09-21 16:08:57.927375697 +0530 ++++ git/bfd/ChangeLog 2017-09-21 16:11:35.192613756 +0530 +@@ -81,6 +81,11 @@ + PR binutils/21581 + (ieee_archive_p): Likewise. + ++2017-06-15 Nick Clifton <nickc@redhat.com> ++ ++ PR binutils/21579 ++ * vms-alpha.c (_bfd_vms_slurp_etir): Extend check of cmd_length. ++ + 2017-06-14 Nick Clifton <nickc@redhat.com> + + PR binutils/21589 |