aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorThiruvadi Rajaraman <trajaraman@mvista.com>2017-09-21 19:32:24 +0530
committerArmin Kuster <akuster@mvista.com>2017-11-23 17:40:49 -0800
commit2a43ef74ac77433bc48f461845e99cf4ebbc2074 (patch)
tree2f534d3e635d07c053e11403e1a66dacd43b8ecf
parent0e89ff5de84fbe5ea3a61d57d95928678153edf4 (diff)
downloadopenembedded-core-contrib-2a43ef74ac77433bc48f461845e99cf4ebbc2074.tar.gz
openembedded-core-contrib-2a43ef74ac77433bc48f461845e99cf4ebbc2074.tar.bz2
openembedded-core-contrib-2a43ef74ac77433bc48f461845e99cf4ebbc2074.zip
binutils: CVE-2017-9755
Source: binutils-gdb.git MR: 73932 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: 49ad5f3244cd51ee6714c1b60cc1c3f84d7de7c8 Description: i386-dis: Add 2 tests with invalid bnd register PR binutils/21594 * testsuite/gas/i386/mpx.s: Add 2 tests with invalid bnd register. * testsuite/gas/i386/x86-64-mpx.s: Likewise. * testsuite/gas/i386/mpx.d: Updated. * testsuite/gas/i386/x86-64-mpx.d: Likewise. i386-dis: Check valid bnd register Since there are only 4 bnd registers, return "(bad)" for register number > 3. PR binutils/21594 * i386-dis.c (OP_E_register): Check valid bnd register. (OP_G): Likewise. Affects: <= 2.28 Author: H.J. Lu <hjl.tools@gmail.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r--meta/recipes-devtools/binutils/binutils-2.27.inc2
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9755_1.patch60
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9755_2.patch101
3 files changed, 163 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc
index 2b35cb154d..961364c81c 100644
--- a/meta/recipes-devtools/binutils/binutils-2.27.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -86,6 +86,8 @@ SRC_URI = "\
file://CVE-2017-9750.patch \
file://CVE-2017-9752.patch \
file://CVE-2017-9753_9754.patch \
+ file://CVE-2017-9755_1.patch \
+ file://CVE-2017-9755_2.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9755_1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9755_1.patch
new file mode 100644
index 0000000000..3ad32189b1
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9755_1.patch
@@ -0,0 +1,60 @@
+commit 0d96e4df4812c3bad77c229dfef47a9bc115ac12
+Author: H.J. Lu <hjl.tools@gmail.com>
+Date: Thu Jun 15 06:40:17 2017 -0700
+
+ i386-dis: Check valid bnd register
+
+ Since there are only 4 bnd registers, return "(bad)" for register
+ number > 3.
+
+ PR binutils/21594
+ * i386-dis.c (OP_E_register): Check valid bnd register.
+ (OP_G): Likewise.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9755
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/opcodes/i386-dis.c
+===================================================================
+--- git.orig/opcodes/i386-dis.c 2017-09-21 15:38:46.907182525 +0530
++++ git/opcodes/i386-dis.c 2017-09-21 15:38:54.703174976 +0530
+@@ -15211,6 +15211,11 @@
+ names = address_mode == mode_64bit ? names64 : names32;
+ break;
+ case bnd_mode:
++ if (reg > 0x3)
++ {
++ oappend ("(bad)");
++ return;
++ }
+ names = names_bnd;
+ break;
+ case indir_v_mode:
+@@ -15751,6 +15756,11 @@
+ oappend (names64[modrm.reg + add]);
+ break;
+ case bnd_mode:
++ if (modrm.reg > 0x3)
++ {
++ oappend ("(bad)");
++ return;
++ }
+ oappend (names_bnd[modrm.reg]);
+ break;
+ case v_mode:
+Index: git/opcodes/ChangeLog
+===================================================================
+--- git.orig/opcodes/ChangeLog 2017-09-21 15:38:54.531175122 +0530
++++ git/opcodes/ChangeLog 2017-09-21 15:45:32.264491166 +0530
+@@ -1,3 +1,9 @@
++2017-06-15 H.J. Lu <hongjiu.lu@intel.com>
++
++ PR binutils/21594
++ * i386-dis.c (OP_E_register): Check valid bnd register.
++ (OP_G): Likewise.
++
+ 2017-06-15 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21586
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9755_2.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9755_2.patch
new file mode 100644
index 0000000000..69e1607d8b
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9755_2.patch
@@ -0,0 +1,101 @@
+commit 8cac017d35ef374e65acc98818a17cf8a652cbd0
+Author: H.J. Lu <hjl.tools@gmail.com>
+Date: Thu Jun 15 08:21:48 2017 -0700
+
+ i386-dis: Add 2 tests with invalid bnd register
+
+ PR binutils/21594
+ * testsuite/gas/i386/mpx.s: Add 2 tests with invalid bnd
+ register.
+ * testsuite/gas/i386/x86-64-mpx.s: Likewise.
+ * testsuite/gas/i386/mpx.d: Updated.
+ * testsuite/gas/i386/x86-64-mpx.d: Likewise.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9755
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/gas/testsuite/gas/i386/mpx.d
+===================================================================
+--- git.orig/gas/testsuite/gas/i386/mpx.d 2017-09-21 15:45:57.640640603 +0530
++++ git/gas/testsuite/gas/i386/mpx.d 2017-09-21 15:45:57.616640460 +0530
+@@ -130,4 +130,8 @@
+
+ [a-f0-9]+ <foo>:
+ [ ]*[a-f0-9]+: f2 c3 bnd ret
++
++[a-f0-9]+ <bad>:
++[ ]*[a-f0-9]+: 0f 1a 30 bndldx \(%eax\),\(bad\)
++[ ]*[a-f0-9]+: 66 0f 1a c4 bndmov \(bad\),%bnd0
+ #pass
+Index: git/gas/testsuite/gas/i386/mpx.s
+===================================================================
+--- git.orig/gas/testsuite/gas/i386/mpx.s 2017-09-21 15:45:57.640640603 +0530
++++ git/gas/testsuite/gas/i386/mpx.s 2017-09-21 15:45:57.616640460 +0530
+@@ -157,3 +157,15 @@
+ bnd ret
+
+ foo: bnd ret
++
++bad:
++ # bndldx (%eax),(bad)
++ .byte 0x0f
++ .byte 0x1a
++ .byte 0x30
++
++ # bndmov (bad),%bnd0
++ .byte 0x66
++ .byte 0x0f
++ .byte 0x1a
++ .byte 0xc4
+Index: git/gas/testsuite/gas/i386/x86-64-mpx.d
+===================================================================
+--- git.orig/gas/testsuite/gas/i386/x86-64-mpx.d 2017-09-21 15:45:57.640640603 +0530
++++ git/gas/testsuite/gas/i386/x86-64-mpx.d 2017-09-21 15:45:57.616640460 +0530
+@@ -182,4 +182,8 @@
+
+ [a-f0-9]+ <foo>:
+ [ ]*[a-f0-9]+: f2 c3 bnd retq
++
++[a-f0-9]+ <bad>:
++[ ]*[a-f0-9]+: 0f 1a 30 bndldx \(%rax\),\(bad\)
++[ ]*[a-f0-9]+: 66 0f 1a c4 bndmov \(bad\),%bnd0
+ #pass
+Index: git/gas/testsuite/gas/i386/x86-64-mpx.s
+===================================================================
+--- git.orig/gas/testsuite/gas/i386/x86-64-mpx.s 2017-09-21 15:45:57.640640603 +0530
++++ git/gas/testsuite/gas/i386/x86-64-mpx.s 2017-09-21 15:45:57.616640460 +0530
+@@ -209,3 +209,15 @@
+ bnd ret
+
+ foo: bnd ret
++
++bad:
++ # bndldx (%eax),(bad)
++ .byte 0x0f
++ .byte 0x1a
++ .byte 0x30
++
++ # bndmov (bad),%bnd0
++ .byte 0x66
++ .byte 0x0f
++ .byte 0x1a
++ .byte 0xc4
+Index: git/gas/ChangeLog
+===================================================================
+--- git.orig/gas/ChangeLog 2017-09-21 15:38:53.143176323 +0530
++++ git/gas/ChangeLog 2017-09-21 15:48:07.134368927 +0530
+@@ -1,3 +1,12 @@
++2017-06-15 H.J. Lu <hongjiu.lu@intel.com>
++
++ PR binutils/21594
++ * testsuite/gas/i386/mpx.s: Add 2 tests with invalid bnd
++ register.
++ * testsuite/gas/i386/x86-64-mpx.s: Likewise.
++ * testsuite/gas/i386/mpx.d: Updated.
++ * testsuite/gas/i386/x86-64-mpx.d: Likewise.
++
+ 2016-12-01 Nick Clifton <nickc@redhat.com>
+
+ PR gas/20898