[oe-commits] [openembedded-core] 36/51: binutils: CVE-2017-9755
git at git.openembedded.org
git at git.openembedded.org
Sun Jan 7 17:11:45 UTC 2018
This is an automated email from the git hooks/post-receive script.
rpurdie pushed a commit to branch morty
in repository openembedded-core.
commit 98b66508f8b382f047d12df430b6e812a9336ab9
Author: Thiruvadi Rajaraman <trajaraman at mvista.com>
AuthorDate: Thu Sep 21 19:32:24 2017 +0530
binutils: CVE-2017-9755
Source: binutils-gdb.git
MR: 73932
Type: Security Fix
Disposition: Backport from binutils-2_29
ChangeID: 49ad5f3244cd51ee6714c1b60cc1c3f84d7de7c8
Description:
i386-dis: Add 2 tests with invalid bnd register
PR binutils/21594
* testsuite/gas/i386/mpx.s: Add 2 tests with invalid bnd
register.
* testsuite/gas/i386/x86-64-mpx.s: Likewise.
* testsuite/gas/i386/mpx.d: Updated.
* testsuite/gas/i386/x86-64-mpx.d: Likewise.
i386-dis: Check valid bnd register
Since there are only 4 bnd registers, return "(bad)" for register
number > 3.
PR binutils/21594
* i386-dis.c (OP_E_register): Check valid bnd register.
(OP_G): Likewise.
Affects: <= 2.28
Author: H.J. Lu <hjl.tools at gmail.com>
Signed-off-by: Thiruvadi Rajaraman <trajaraman at mvista.com>
Reviewed-by: Armin Kuster <akuster at mvista.com>
Signed-off-by: Armin Kuster <akuster at mvista.com>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
meta/recipes-devtools/binutils/binutils-2.27.inc | 2 +
.../binutils/binutils/CVE-2017-9755_1.patch | 60 ++++++++++++
.../binutils/binutils/CVE-2017-9755_2.patch | 101 +++++++++++++++++++++
3 files changed, 163 insertions(+)
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc
index 2b35cb1..961364c 100644
--- a/meta/recipes-devtools/binutils/binutils-2.27.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -86,6 +86,8 @@ SRC_URI = "\
file://CVE-2017-9750.patch \
file://CVE-2017-9752.patch \
file://CVE-2017-9753_9754.patch \
+ file://CVE-2017-9755_1.patch \
+ file://CVE-2017-9755_2.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9755_1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9755_1.patch
new file mode 100644
index 0000000..3ad3218
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9755_1.patch
@@ -0,0 +1,60 @@
+commit 0d96e4df4812c3bad77c229dfef47a9bc115ac12
+Author: H.J. Lu <hjl.tools at gmail.com>
+Date: Thu Jun 15 06:40:17 2017 -0700
+
+ i386-dis: Check valid bnd register
+
+ Since there are only 4 bnd registers, return "(bad)" for register
+ number > 3.
+
+ PR binutils/21594
+ * i386-dis.c (OP_E_register): Check valid bnd register.
+ (OP_G): Likewise.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9755
+Signed-off-by: Thiruvadi Rajaraman <trajaraman at mvista.com>
+
+Index: git/opcodes/i386-dis.c
+===================================================================
+--- git.orig/opcodes/i386-dis.c 2017-09-21 15:38:46.907182525 +0530
++++ git/opcodes/i386-dis.c 2017-09-21 15:38:54.703174976 +0530
+@@ -15211,6 +15211,11 @@
+ names = address_mode == mode_64bit ? names64 : names32;
+ break;
+ case bnd_mode:
++ if (reg > 0x3)
++ {
++ oappend ("(bad)");
++ return;
++ }
+ names = names_bnd;
+ break;
+ case indir_v_mode:
+@@ -15751,6 +15756,11 @@
+ oappend (names64[modrm.reg + add]);
+ break;
+ case bnd_mode:
++ if (modrm.reg > 0x3)
++ {
++ oappend ("(bad)");
++ return;
++ }
+ oappend (names_bnd[modrm.reg]);
+ break;
+ case v_mode:
+Index: git/opcodes/ChangeLog
+===================================================================
+--- git.orig/opcodes/ChangeLog 2017-09-21 15:38:54.531175122 +0530
++++ git/opcodes/ChangeLog 2017-09-21 15:45:32.264491166 +0530
+@@ -1,3 +1,9 @@
++2017-06-15 H.J. Lu <hongjiu.lu at intel.com>
++
++ PR binutils/21594
++ * i386-dis.c (OP_E_register): Check valid bnd register.
++ (OP_G): Likewise.
++
+ 2017-06-15 Nick Clifton <nickc at redhat.com>
+
+ PR binutils/21586
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9755_2.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9755_2.patch
new file mode 100644
index 0000000..69e1607
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9755_2.patch
@@ -0,0 +1,101 @@
+commit 8cac017d35ef374e65acc98818a17cf8a652cbd0
+Author: H.J. Lu <hjl.tools at gmail.com>
+Date: Thu Jun 15 08:21:48 2017 -0700
+
+ i386-dis: Add 2 tests with invalid bnd register
+
+ PR binutils/21594
+ * testsuite/gas/i386/mpx.s: Add 2 tests with invalid bnd
+ register.
+ * testsuite/gas/i386/x86-64-mpx.s: Likewise.
+ * testsuite/gas/i386/mpx.d: Updated.
+ * testsuite/gas/i386/x86-64-mpx.d: Likewise.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9755
+Signed-off-by: Thiruvadi Rajaraman <trajaraman at mvista.com>
+
+Index: git/gas/testsuite/gas/i386/mpx.d
+===================================================================
+--- git.orig/gas/testsuite/gas/i386/mpx.d 2017-09-21 15:45:57.640640603 +0530
++++ git/gas/testsuite/gas/i386/mpx.d 2017-09-21 15:45:57.616640460 +0530
+@@ -130,4 +130,8 @@
+
+ [a-f0-9]+ <foo>:
+ [ ]*[a-f0-9]+: f2 c3 bnd ret
++
++[a-f0-9]+ <bad>:
++[ ]*[a-f0-9]+: 0f 1a 30 bndldx \(%eax\),\(bad\)
++[ ]*[a-f0-9]+: 66 0f 1a c4 bndmov \(bad\),%bnd0
+ #pass
+Index: git/gas/testsuite/gas/i386/mpx.s
+===================================================================
+--- git.orig/gas/testsuite/gas/i386/mpx.s 2017-09-21 15:45:57.640640603 +0530
++++ git/gas/testsuite/gas/i386/mpx.s 2017-09-21 15:45:57.616640460 +0530
+@@ -157,3 +157,15 @@
+ bnd ret
+
+ foo: bnd ret
++
++bad:
++ # bndldx (%eax),(bad)
++ .byte 0x0f
++ .byte 0x1a
++ .byte 0x30
++
++ # bndmov (bad),%bnd0
++ .byte 0x66
++ .byte 0x0f
++ .byte 0x1a
++ .byte 0xc4
+Index: git/gas/testsuite/gas/i386/x86-64-mpx.d
+===================================================================
+--- git.orig/gas/testsuite/gas/i386/x86-64-mpx.d 2017-09-21 15:45:57.640640603 +0530
++++ git/gas/testsuite/gas/i386/x86-64-mpx.d 2017-09-21 15:45:57.616640460 +0530
+@@ -182,4 +182,8 @@
+
+ [a-f0-9]+ <foo>:
+ [ ]*[a-f0-9]+: f2 c3 bnd retq
++
++[a-f0-9]+ <bad>:
++[ ]*[a-f0-9]+: 0f 1a 30 bndldx \(%rax\),\(bad\)
++[ ]*[a-f0-9]+: 66 0f 1a c4 bndmov \(bad\),%bnd0
+ #pass
+Index: git/gas/testsuite/gas/i386/x86-64-mpx.s
+===================================================================
+--- git.orig/gas/testsuite/gas/i386/x86-64-mpx.s 2017-09-21 15:45:57.640640603 +0530
++++ git/gas/testsuite/gas/i386/x86-64-mpx.s 2017-09-21 15:45:57.616640460 +0530
+@@ -209,3 +209,15 @@
+ bnd ret
+
+ foo: bnd ret
++
++bad:
++ # bndldx (%eax),(bad)
++ .byte 0x0f
++ .byte 0x1a
++ .byte 0x30
++
++ # bndmov (bad),%bnd0
++ .byte 0x66
++ .byte 0x0f
++ .byte 0x1a
++ .byte 0xc4
+Index: git/gas/ChangeLog
+===================================================================
+--- git.orig/gas/ChangeLog 2017-09-21 15:38:53.143176323 +0530
++++ git/gas/ChangeLog 2017-09-21 15:48:07.134368927 +0530
+@@ -1,3 +1,12 @@
++2017-06-15 H.J. Lu <hongjiu.lu at intel.com>
++
++ PR binutils/21594
++ * testsuite/gas/i386/mpx.s: Add 2 tests with invalid bnd
++ register.
++ * testsuite/gas/i386/x86-64-mpx.s: Likewise.
++ * testsuite/gas/i386/mpx.d: Updated.
++ * testsuite/gas/i386/x86-64-mpx.d: Likewise.
++
+ 2016-12-01 Nick Clifton <nickc at redhat.com>
+
+ PR gas/20898
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list