author | Thiruvadi Rajaraman <trajaraman@mvista.com> | 2017-09-04 14:03:42 +0530 |
---|---|---|
committer | Armin Kuster <akuster@mvista.com> | 2017-11-23 17:40:46 -0800 |
commit | 360ac1a3bbbcf1eb7fba6162daa8cfa5fafcb9cd (patch) | |
tree | 720f515e2b12ba6d1a2983a5c046d0a285bfa499 /meta/recipes-devtools/binutils | |
parent | ed2d7332884cf455dc15242a28067d3695835c7b (diff) | |
download | openembedded-core-contrib-360ac1a3bbbcf1eb7fba6162daa8cfa5fafcb9cd.tar.gz |
binutils: CVE-2017-7227
Source: git://sourceware.org/git/binutils-gdb.git
MR: 74270
Type: Security Fix
Disposition: Backport from binutils-2_28-branch
ChangeID: e4e88f56ba13671afb5b3194ca4c1c59601e5fd5
Description:
Fix seg-fault in linker when passed a bogus input script.
PR ld/20906
* ldlex.l: Check for bogus strings in linker scripts.
Affects: <= 2.28
Author: Nick Clifton <nickc@redhat.com>
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta/recipes-devtools/binutils')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.27.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-7227.patch | 49 |
2 files changed, 50 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc
index 4833552ca9..54cdcc7bb5 100644
--- a/meta/recipes-devtools/binutils/binutils-2.27.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -62,6 +62,7 @@ SRC_URI = "\
 file://CVE-2017-7223.patch \
 file://CVE-2017-7224.patch \
 file://CVE-2017-7225.patch \
+ file://CVE-2017-7227.patch \
 "
 S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7227.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7227.patch
new file mode 100644
index 0000000000..1fa98e19be
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7227.patch
@@ -0,0 +1,49 @@
+commit 406bd128dba2a59d0736839fc87a59bce319076c
+Author: Nick Clifton <nickc@redhat.com>
+Date: Mon Dec 5 16:00:43 2016 +0000
+
+ Fix seg-fault in linker when passed a bogus input script.
+
+ PR ld/20906
+ * ldlex.l: Check for bogus strings in linker scripts.
+
+Upstream-Status: backport
+
+CVE: CVE-2017-7227
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/ld/ChangeLog
+===================================================================
+--- git.orig/ld/ChangeLog 2017-09-04 13:18:09.660584245 +0530
++++ git/ld/ChangeLog 2017-09-04 13:20:34.286155911 +0530
+@@ -1,3 +1,8 @@
++2016-12-05 Nick Clifton <nickc@redhat.com>
++
++ PR ld/20906
++ * ldlex.l: Check for bogus strings in linker scripts.
++
+ 2016-08-02 Nick Clifton <nickc@redhat.com>
+
+ PR ld/17739
+Index: git/ld/ldlex.l
+===================================================================
+--- git.orig/ld/ldlex.l 2017-09-04 13:18:09.692584605 +0530
++++ git/ld/ldlex.l 2017-09-04 13:22:54.483583368 +0530
+@@ -416,9 +416,15 @@
+
+ <EXPRESSION,BOTH,SCRIPT,VERS_NODE,INPUTLIST>"\""[^\"]*"\"" {
+ /* No matter the state, quotes
+- give what's inside */
++ give what's inside. */
++ bfd_size_type len;
+ yylval.name = xstrdup (yytext + 1);
+- yylval.name[yyleng - 2] = 0;
++ /* PR ld/20906. A corrupt input file
++ can contain bogus strings. */
++ len = strlen (yylval.name);
++ if (len > yyleng - 2)
++ len = yyleng - 2;
++ yylval.name[len] = 0;
+ return NAME;
+ }
+ <BOTH,SCRIPT,EXPRESSION>"\n" { lineno++;} |
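Review bot: The comment added in the ld/ldlex.l hunk, "A corrupt input file can contain bogus strings", does not say what the length clamp guards against, so the check reads as arbitrary. As far as the hunk shows, `xstrdup (yytext + 1)` stops at the first NUL while `[^\"]*` can match one, so the copy may be shorter than `yyleng - 1` and the removed store to `yylval.name[yyleng - 2]` could write past the allocation; I would state that, e.g. `/* PR ld/20906: the match may contain NUL bytes, so the xstrdup copy can be shorter than yyleng - 1; never store past strlen. */`. Copying by length would make the clamp unnecessary, `yylval.name = xmemdup (yytext + 1, yyleng - 2, yyleng - 1);`, though a backport may prefer to stay identical to upstream. In the patch header, `Upstream-Status: backport` is usually written `Backport`.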