aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorThiruvadi Rajaraman <trajaraman@mvista.com>2017-09-21 19:39:24 +0530
committerArmin Kuster <akuster@mvista.com>2017-11-23 17:40:49 -0800
commitce8a36aea9d084a57871a91787f8b9e0225914f6 (patch)
treef2748b8d22e984e8f3d25aa523f28299f83cfec9
parentb779aa57464f8e192563ce0cec08d9d575aaf9dc (diff)
downloadopenembedded-core-contrib-ce8a36aea9d084a57871a91787f8b9e0225914f6.tar.gz
openembedded-core-contrib-ce8a36aea9d084a57871a91787f8b9e0225914f6.tar.bz2
openembedded-core-contrib-ce8a36aea9d084a57871a91787f8b9e0225914f6.zip
binutils: CVE-2017-9745
Source: binutils-gdb.git MR: 74062 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: 2ec9457275509bfd8dc9185fbdcd485192a82cca Description: Handle EITR records in VMS Alpha binaries with overlarge command length parameters. PR binutils/21579 * vms-alpha.c (_bfd_vms_slurp_etir): Extend check of cmd_length. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r--meta/recipes-devtools/binutils/binutils-2.27.inc1
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9745.patch62
2 files changed, 63 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc
index 70d4065a15..f51ca4e897 100644
--- a/meta/recipes-devtools/binutils/binutils-2.27.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -89,6 +89,7 @@ SRC_URI = "\
file://CVE-2017-9755_1.patch \
file://CVE-2017-9755_2.patch \
file://CVE-2017-9756.patch \
+ file://CVE-2017-9745.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9745.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9745.patch
new file mode 100644
index 0000000000..b80226f412
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9745.patch
@@ -0,0 +1,62 @@
+commit 76800cba595efc3fe95a446c2d664e42ae4ee869
+Author: Nick Clifton <nickc@redhat.com>
+Date: Thu Jun 15 12:08:57 2017 +0100
+
+ Handle EITR records in VMS Alpha binaries with overlarge command length parameters.
+
+ PR binutils/21579
+ * vms-alpha.c (_bfd_vms_slurp_etir): Extend check of cmd_length.
+
+Upstream-Status: CVE-2017-9745
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/vms-alpha.c
+===================================================================
+--- git.orig/bfd/vms-alpha.c 2017-09-21 16:08:57.863375204 +0530
++++ git/bfd/vms-alpha.c 2017-09-21 16:08:58.211377888 +0530
+@@ -1801,14 +1801,8 @@
+
+ ptr += 4;
+
+-#if VMS_DEBUG
+- _bfd_vms_debug (4, "etir: %s(%d)\n",
+- _bfd_vms_etir_name (cmd), cmd);
+- _bfd_hexdump (8, ptr, cmd_length - 4, 0);
+-#endif
+-
+- /* PR 21589: Check for a corrupt ETIR record. */
+- if (cmd_length < 4)
++ /* PR 21589 and 21579: Check for a corrupt ETIR record. */
++ if (cmd_length < 4 || (ptr + cmd_length > maxptr + 4))
+ {
+ corrupt_etir:
+ _bfd_error_handler (_("Corrupt ETIR record encountered"));
+@@ -1816,6 +1810,12 @@
+ return FALSE;
+ }
+
++#if VMS_DEBUG
++ _bfd_vms_debug (4, "etir: %s(%d)\n",
++ _bfd_vms_etir_name (cmd), cmd);
++ _bfd_hexdump (8, ptr, cmd_length - 4, 0);
++#endif
++
+ switch (cmd)
+ {
+ /* Stack global
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-21 16:08:57.927375697 +0530
++++ git/bfd/ChangeLog 2017-09-21 16:11:35.192613756 +0530
+@@ -81,6 +81,11 @@
+ PR binutils/21581
+ (ieee_archive_p): Likewise.
+
++2017-06-15 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21579
++ * vms-alpha.c (_bfd_vms_slurp_etir): Extend check of cmd_length.
++
+ 2017-06-14 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21589