All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH 1/2] binutils: fix CVE-2017-7209 in readelf
@ 2017-05-26  2:40 Yuanjie Huang
  2017-05-26  2:40 ` [PATCH 2/2] binutils: fix CVE-2017-7210 Yuanjie Huang
  0 siblings, 1 reply; 2+ messages in thread
From: Yuanjie Huang @ 2017-05-26  2:40 UTC (permalink / raw)
  To: openembedded-core

CVE: CVE-2017-7209

[BZ 21135] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21135

PR binutils/21135: Fix invalid read of section contents whilst processing
a corrupt binary.

Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
---
 meta/recipes-devtools/binutils/binutils-2.28.inc   |  1 +
 .../binutils/binutils/CVE-2017-7209.patch          | 62 ++++++++++++++++++++++
 2 files changed, 63 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2017-7209.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc b/meta/recipes-devtools/binutils/binutils-2.28.inc
index 75eca32b24..ed571b39e8 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -41,6 +41,7 @@ SRC_URI = "\
      file://0018-PR-21409-segfault-in-_bfd_dwarf2_find_nearest_line.patch \
      file://CVE-2017-6969.patch \
      file://CVE-2017-6969_2.patch \
+     file://CVE-2017-7209.patch \
 "
 S  = "${WORKDIR}/git"
 
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7209.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7209.patch
new file mode 100644
index 0000000000..2357a12836
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7209.patch
@@ -0,0 +1,62 @@
+From b2706ceadac7239e7b02d43f05100fc6538b0d65 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 13 Feb 2017 15:04:37 +0000
+Subject: Fix invalid read of section contents whilst processing a corrupt binary.
+
+	PR binutils/21135
+	* readelf.c (dump_section_as_bytes): Handle the case where
+	uncompress_section_contents returns false.
+
+CVE: CVE-2017-7209
+Upstream-Status: Backport[master]
+
+Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
+---
+ binutils/ChangeLog |  6 ++++++
+ binutils/readelf.c | 16 ++++++++++++----
+ 2 files changed, 18 insertions(+), 4 deletions(-)
+
+diff --git a/binutils/ChangeLog b/binutils/ChangeLog
+index 53352c1801..cf92744c12 100644
+--- a/binutils/ChangeLog
++++ b/binutils/ChangeLog
+@@ -1,3 +1,9 @@
++2017-02-13  Nick Clifton  <nickc@redhat.com>
++
++	PR binutils/21135
++	* readelf.c (dump_section_as_bytes): Handle the case where
++	uncompress_section_contents returns false.
++
+ 2017-02-20  Nick Clifton  <nickc@redhat.com>
+ 
+ 	PR binutils/21156
+diff --git a/binutils/readelf.c b/binutils/readelf.c
+index 4960491c5c..f0e7b080e8 100644
+--- a/binutils/readelf.c
++++ b/binutils/readelf.c
+@@ -12803,10 +12803,18 @@ dump_section_as_bytes (Elf_Internal_Shdr * section,
+ 	  new_size -= 12;
+ 	}
+ 
+-      if (uncompressed_size
+-	  && uncompress_section_contents (& start, uncompressed_size,
+-					  & new_size))
+-	section_size = new_size;
++      if (uncompressed_size)
++	{
++	  if (uncompress_section_contents (& start, uncompressed_size,
++					   & new_size))
++	    section_size = new_size;
++	  else
++	    {
++	      error (_("Unable to decompress section %s\n"),
++		     printable_section_name (section));
++	      return;
++	    }
++	}
+     }
+ 
+   if (relocate)
+-- 
+2.11.0
+
-- 
2.11.0



^ permalink raw reply related	[flat|nested] 2+ messages in thread
* [PATCH 2/2] binutils: fix CVE-2017-7210
  2017-05-26  2:40 [PATCH 1/2] binutils: fix CVE-2017-7209 in readelf Yuanjie Huang
@ 2017-05-26  2:40 ` Yuanjie Huang
  0 siblings, 0 replies; 2+ messages in thread
From: Yuanjie Huang @ 2017-05-26  2:40 UTC (permalink / raw)
  To: openembedded-core

CVE: CVE-2017-7210

[BZ 21157] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21157

PR binutils/21157: Fix handling of corrupt STABS enum type strings.

Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
---
 meta/recipes-devtools/binutils/binutils-2.28.inc   |  1 +
 .../binutils/binutils/CVE-2017-7210.patch          | 71 ++++++++++++++++++++++
 2 files changed, 72 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2017-7210.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc b/meta/recipes-devtools/binutils/binutils-2.28.inc
index ed571b39e8..40b518bf7a 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -42,6 +42,7 @@ SRC_URI = "\
      file://CVE-2017-6969.patch \
      file://CVE-2017-6969_2.patch \
      file://CVE-2017-7209.patch \
+     file://CVE-2017-7210.patch \
 "
 S  = "${WORKDIR}/git"
 
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7210.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7210.patch
new file mode 100644
index 0000000000..8791792c7c
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7210.patch
@@ -0,0 +1,71 @@
+From 4da598a472e1d298825035e452e3bc68f714311c Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 14 Feb 2017 14:07:29 +0000
+Subject: Fix handling of corrupt STABS enum type strings.
+
+	PR binutils/21157
+	* stabs.c (parse_stab_enum_type): Check for corrupt NAME:VALUE
+	pairs.
+	(parse_number): Exit early if passed an empty string.
+
+CVE: CVE-2017-7210
+Upstream-Status: Backport [master]
+
+Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
+---
+ binutils/ChangeLog |  7 +++++++
+ binutils/stabs.c   | 14 +++++++++++++-
+ 2 files changed, 20 insertions(+), 1 deletion(-)
+
+diff --git a/binutils/ChangeLog b/binutils/ChangeLog
+index cf92744c12..0045fbaaa6 100644
+--- a/binutils/ChangeLog
++++ b/binutils/ChangeLog
+@@ -1,3 +1,10 @@
++2017-02-14  Nick Clifton  <nickc@redhat.com>
++
++	PR binutils/21157
++	* stabs.c (parse_stab_enum_type): Check for corrupt NAME:VALUE
++	pairs.
++	(parse_number): Exit early if passed an empty string.
++
+ 2017-02-13  Nick Clifton  <nickc@redhat.com>
+ 
+ 	PR binutils/21135
+diff --git a/binutils/stabs.c b/binutils/stabs.c
+index f5c5d2d8e0..5d013cc361 100644
+--- a/binutils/stabs.c
++++ b/binutils/stabs.c
+@@ -232,6 +232,10 @@ parse_number (const char **pp, bfd_boolean *poverflow)
+ 
+   orig = *pp;
+ 
++  /* Stop early if we are passed an empty string.  */
++  if (*orig == 0)
++    return (bfd_vma) 0;
++
+   errno = 0;
+   ul = strtoul (*pp, (char **) pp, 0);
+   if (ul + 1 != 0 || errno == 0)
+@@ -1975,9 +1979,17 @@ parse_stab_enum_type (void *dhandle, const char **pp)
+       bfd_signed_vma val;
+ 
+       p = *pp;
+-      while (*p != ':')
++      while (*p != ':' && *p != 0)
+ 	++p;
+ 
++      if (*p == 0)
++	{
++	  bad_stab (orig);
++	  free (names);
++	  free (values);
++	  return DEBUG_TYPE_NULL;
++	}
++
+       name = savestring (*pp, p - *pp);
+ 
+       *pp = p + 1;
+-- 
+2.11.0
+
-- 
2.11.0



^ permalink raw reply related	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-05-26  2:40 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-05-26  2:40 [PATCH 1/2] binutils: fix CVE-2017-7209 in readelf Yuanjie Huang
2017-05-26  2:40 ` [PATCH 2/2] binutils: fix CVE-2017-7210 Yuanjie Huang

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.