binutils: CVE-2017-7227

Source: git://sourceware.org/git/binutils-gdb.git MR: 74270 Type: Security Fix Disposition: Backport from binutils-2_28-branch ChangeID: e4e88f56ba13671afb5b3194ca4c1c59601e5fd5 Description: Fix seg-fault in linker when passed a bogus input script. PR ld/20906 * ldlex.l: Check for bogus strings in linker scripts. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> (From OE-Core rev: 650a5b69c4ae7cf91d13993225877d0187bcb65e) Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-04-21 03:32:12 +02:00 · 2017-09-04 14:03:42 +05:30
parent 24a6fa6184
commit a880a7f8d7
2 changed files with 50 additions and 0 deletions
--- a/meta/recipes-devtools/binutils/binutils-2.27.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -62,6 +62,7 @@ SRC_URI = "\
     file://CVE-2017-7223.patch \
     file://CVE-2017-7224.patch \
     file://CVE-2017-7225.patch \
+     file://CVE-2017-7227.patch \
 "
 S  = "${WORKDIR}/git"

--- a/meta/recipes-devtools/binutils/binutils/CVE-2017-7227.patch
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7227.patch
@@ -0,0 +1,49 @@
+commit 406bd128dba2a59d0736839fc87a59bce319076c
+Author: Nick Clifton <nickc@redhat.com>
+Date:   Mon Dec 5 16:00:43 2016 +0000
+
+    Fix seg-fault in linker when passed a bogus input script.
+    
+        PR ld/20906
+        * ldlex.l: Check for bogus strings in linker scripts.
+
+Upstream-Status: backport
+
+CVE: CVE-2017-7227
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/ld/ChangeLog
+===================================================================
+--- git.orig/ld/ChangeLog	2017-09-04 13:18:09.660584245 +0530
+++ git/ld/ChangeLog	2017-09-04 13:20:34.286155911 +0530
+@@ -1,3 +1,8 @@
+2016-12-05  Nick Clifton  <nickc@redhat.com>
+
+	PR ld/20906
+	* ldlex.l: Check for bogus strings in linker scripts.
+
+ 2016-08-02  Nick Clifton  <nickc@redhat.com>
+ 
+ 	PR ld/17739
+Index: git/ld/ldlex.l
+===================================================================
+--- git.orig/ld/ldlex.l	2017-09-04 13:18:09.692584605 +0530
+++ git/ld/ldlex.l	2017-09-04 13:22:54.483583368 +0530
+@@ -416,9 +416,15 @@
+ 
+ <EXPRESSION,BOTH,SCRIPT,VERS_NODE,INPUTLIST>"\""[^\"]*"\"" {
+ 					/* No matter the state, quotes
+-					   give what's inside */
+                                          give what's inside.  */
+                                        bfd_size_type len;
+ 					yylval.name = xstrdup (yytext + 1);
+-					yylval.name[yyleng - 2] = 0;
+                                        /* PR ld/20906.  A corrupt input file
+                                           can contain bogus strings.  */
+                                        len = strlen (yylval.name);
+                                        if (len > yyleng - 2)
+                                          len = yyleng - 2;
+                                        yylval.name[len] = 0;
+ 					return NAME;
+ 				}
+ <BOTH,SCRIPT,EXPRESSION>"\n"		{ lineno++;}