[oe-commits] [openembedded-core] 38/51: binutils: CVE-2017-9745
git at git.openembedded.org
git at git.openembedded.org
Sun Jan 7 17:11:47 UTC 2018
This is an automated email from the git hooks/post-receive script.
rpurdie pushed a commit to branch morty
in repository openembedded-core.
commit f8542a9cf50c8001f675f68e42234c306d8ce1e7
Author: Thiruvadi Rajaraman <trajaraman at mvista.com>
AuthorDate: Thu Sep 21 19:39:24 2017 +0530
binutils: CVE-2017-9745
Source: binutils-gdb.git
MR: 74062
Type: Security Fix
Disposition: Backport from binutils-2_29
ChangeID: 2ec9457275509bfd8dc9185fbdcd485192a82cca
Description:
Handle EITR records in VMS Alpha binaries with overlarge command length parameters.
PR binutils/21579
* vms-alpha.c (_bfd_vms_slurp_etir): Extend check of cmd_length.
Affects: <= 2.28
Author: Nick Clifton <nickc at redhat.com>
Signed-off-by: Thiruvadi Rajaraman <trajaraman at mvista.com>
Reviewed-by: Armin Kuster <akuster at mvista.com>
Signed-off-by: Armin Kuster <akuster at mvista.com>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
meta/recipes-devtools/binutils/binutils-2.27.inc | 1 +
.../binutils/binutils/CVE-2017-9745.patch | 62 ++++++++++++++++++++++
2 files changed, 63 insertions(+)
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc
index 70d4065..f51ca4e 100644
--- a/meta/recipes-devtools/binutils/binutils-2.27.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -89,6 +89,7 @@ SRC_URI = "\
file://CVE-2017-9755_1.patch \
file://CVE-2017-9755_2.patch \
file://CVE-2017-9756.patch \
+ file://CVE-2017-9745.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9745.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9745.patch
new file mode 100644
index 0000000..b80226f
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9745.patch
@@ -0,0 +1,62 @@
+commit 76800cba595efc3fe95a446c2d664e42ae4ee869
+Author: Nick Clifton <nickc at redhat.com>
+Date: Thu Jun 15 12:08:57 2017 +0100
+
+ Handle EITR records in VMS Alpha binaries with overlarge command length parameters.
+
+ PR binutils/21579
+ * vms-alpha.c (_bfd_vms_slurp_etir): Extend check of cmd_length.
+
+Upstream-Status: CVE-2017-9745
+Signed-off-by: Thiruvadi Rajaraman <trajaraman at mvista.com>
+
+Index: git/bfd/vms-alpha.c
+===================================================================
+--- git.orig/bfd/vms-alpha.c 2017-09-21 16:08:57.863375204 +0530
++++ git/bfd/vms-alpha.c 2017-09-21 16:08:58.211377888 +0530
+@@ -1801,14 +1801,8 @@
+
+ ptr += 4;
+
+-#if VMS_DEBUG
+- _bfd_vms_debug (4, "etir: %s(%d)\n",
+- _bfd_vms_etir_name (cmd), cmd);
+- _bfd_hexdump (8, ptr, cmd_length - 4, 0);
+-#endif
+-
+- /* PR 21589: Check for a corrupt ETIR record. */
+- if (cmd_length < 4)
++ /* PR 21589 and 21579: Check for a corrupt ETIR record. */
++ if (cmd_length < 4 || (ptr + cmd_length > maxptr + 4))
+ {
+ corrupt_etir:
+ _bfd_error_handler (_("Corrupt ETIR record encountered"));
+@@ -1816,6 +1810,12 @@
+ return FALSE;
+ }
+
++#if VMS_DEBUG
++ _bfd_vms_debug (4, "etir: %s(%d)\n",
++ _bfd_vms_etir_name (cmd), cmd);
++ _bfd_hexdump (8, ptr, cmd_length - 4, 0);
++#endif
++
+ switch (cmd)
+ {
+ /* Stack global
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-21 16:08:57.927375697 +0530
++++ git/bfd/ChangeLog 2017-09-21 16:11:35.192613756 +0530
+@@ -81,6 +81,11 @@
+ PR binutils/21581
+ (ieee_archive_p): Likewise.
+
++2017-06-15 Nick Clifton <nickc at redhat.com>
++
++ PR binutils/21579
++ * vms-alpha.c (_bfd_vms_slurp_etir): Extend check of cmd_length.
++
+ 2017-06-14 Nick Clifton <nickc at redhat.com>
+
+ PR binutils/21589
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list