nasm: fix CVE-2018-10016

Previously fix of CVE-2018-10016 caused ovmf build failure,
I reported the failure to upstream and it replied with
this V2 fix.

Details at:
https://bugzilla.nasm.us/show_bug.cgi?id=3392473

(From OE-Core rev: e2fa6bc137faebba3c440cac93c88092421e8e82)

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Hongxu Jia
2018-10-14 02:45:59 -07:00
committed by Richard Purdie
parent b8b8f43957
commit 600b5f1202
2 changed files with 41 additions and 0 deletions

View File

@@ -0,0 +1,40 @@
From ceec0d818798aeaa75ed4907e6135b0247ed46b2 Mon Sep 17 00:00:00 2001
From: Cyrill Gorcunov <gorcunov@gmail.com>
Date: Sun, 14 Oct 2018 01:26:19 +0300
Subject: [PATCH] eval: Eliminate division by zero
When doing division we should detect if the value we're
divided by is not zero. Instead of is_unknown() helper
we should use is_just_unknown().
https://bugzilla.nasm.us/show_bug.cgi?id=3392515
https://bugzilla.nasm.us/show_bug.cgi?id=3392473
Reported-by: Jun <jxx13@psu.edu>
Reported-by: stuartly <situlingyun@gmail.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
Upstream-Status: Backport [https://github.com/netwide-assembler/nasm/commit/ceec0d818798aeaa75ed4907e6135b0247ed46b2.patch]
CVE: CVE-2018-10016
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
asm/eval.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/asm/eval.c b/asm/eval.c
index 1a6680f..7e727a4 100644
--- a/asm/eval.c
+++ b/asm/eval.c
@@ -580,7 +580,7 @@ static expr *expr5(int critical)
" scalar values");
return NULL;
}
- if (j != '*' && !is_unknown(f) && reloc_value(f) == 0) {
+ if (j != '*' && !is_just_unknown(f) && reloc_value(f) == 0) {
nasm_error(ERR_NONFATAL, "division by zero");
return NULL;
}
--
2.10.2

View File

@@ -8,6 +8,7 @@ SRC_URI = "http://www.nasm.us/pub/nasm/releasebuilds/${PV}/nasm-${PV}.tar.bz2 \
file://0001-assemble-Check-global-line-limit.patch \
file://0001-fix-CVE-2018-8882.patch \
file://0001-Verify-that-we-are-not-reading-past-end-of-a-buffer.patch \
file://0001-eval-Eliminate-division-by-zero.patch \
"
SRC_URI[md5sum] = "0c581d482f39d5111879ca9601938f74"