import-layers/yocto-poky/meta/recipes-devtools/binutils/binutils/CVE-2017-7210.patch - openbmc/openbmc - Gitiles

 From 4da598a472e1d298825035e452e3bc68f714311c Mon Sep 17 00:00:00 2001
 From: Nick Clifton <nickc@redhat.com>
 Date: Tue, 14 Feb 2017 14:07:29 +0000
 Subject: Fix handling of corrupt STABS enum type strings.

 	PR binutils/21157
 	* stabs.c (parse_stab_enum_type): Check for corrupt NAME:VALUE
 	pairs.
 	(parse_number): Exit early if passed an empty string.

 CVE: CVE-2017-7210
 Upstream-Status: Backport [master]

 Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
 ---
  binutils/ChangeLog |  7 +++++++
  binutils/stabs.c   | 14 +++++++++++++-
  2 files changed, 20 insertions(+), 1 deletion(-)

 diff --git a/binutils/ChangeLog b/binutils/ChangeLog
 index cf92744c12..0045fbaaa6 100644
 --- a/binutils/ChangeLog
 +++ b/binutils/ChangeLog
 @@ -1,3 +1,10 @@
 +2017-02-14  Nick Clifton  <nickc@redhat.com>
 +
 +	PR binutils/21157
 +	* stabs.c (parse_stab_enum_type): Check for corrupt NAME:VALUE
 +	pairs.
 +	(parse_number): Exit early if passed an empty string.
 +
  2017-02-13  Nick Clifton  <nickc@redhat.com>

  	PR binutils/21135
 diff --git a/binutils/stabs.c b/binutils/stabs.c
 index f5c5d2d8e0..5d013cc361 100644
 --- a/binutils/stabs.c
 +++ b/binutils/stabs.c
 @@ -232,6 +232,10 @@ parse_number (const char **pp, bfd_boolean *poverflow)

    orig = *pp;

 +  /* Stop early if we are passed an empty string.  */
 +  if (*orig == 0)
 +    return (bfd_vma) 0;
 +
    errno = 0;
    ul = strtoul (*pp, (char **) pp, 0);
    if (ul + 1 != 0 || errno == 0)
 @@ -1975,9 +1979,17 @@ parse_stab_enum_type (void *dhandle, const char **pp)
        bfd_signed_vma val;

        p = *pp;
 -      while (*p != ':')
 +      while (*p != ':' && *p != 0)
  	++p;

 +      if (*p == 0)
 +	{
 +	  bad_stab (orig);
 +	  free (names);
 +	  free (values);
 +	  return DEBUG_TYPE_NULL;
 +	}
 +
        name = savestring (*pp, p - *pp);

        *pp = p + 1;
 --
 2.11.0
	From 4da598a472e1d298825035e452e3bc68f714311c Mon Sep 17 00:00:00 2001
	From: Nick Clifton <nickc@redhat.com>
	Date: Tue, 14 Feb 2017 14:07:29 +0000
	Subject: Fix handling of corrupt STABS enum type strings.

	PR binutils/21157
	* stabs.c (parse_stab_enum_type): Check for corrupt NAME:VALUE
	pairs.
	(parse_number): Exit early if passed an empty string.

	CVE: CVE-2017-7210
	Upstream-Status: Backport [master]

	Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
	---
	binutils/ChangeLog \| 7 +++++++
	binutils/stabs.c \| 14 +++++++++++++-
	2 files changed, 20 insertions(+), 1 deletion(-)

	diff --git a/binutils/ChangeLog b/binutils/ChangeLog
	index cf92744c12..0045fbaaa6 100644
	--- a/binutils/ChangeLog
	+++ b/binutils/ChangeLog
	@@ -1,3 +1,10 @@
	+2017-02-14 Nick Clifton <nickc@redhat.com>
	+
	+ PR binutils/21157
	+ * stabs.c (parse_stab_enum_type): Check for corrupt NAME:VALUE
	+ pairs.
	+ (parse_number): Exit early if passed an empty string.
	+
	2017-02-13 Nick Clifton <nickc@redhat.com>

	PR binutils/21135
	diff --git a/binutils/stabs.c b/binutils/stabs.c
	index f5c5d2d8e0..5d013cc361 100644
	--- a/binutils/stabs.c
	+++ b/binutils/stabs.c
	@@ -232,6 +232,10 @@ parse_number (const char *pp, bfd_boolean poverflow)

	orig = *pp;

	+ /* Stop early if we are passed an empty string. */
	+ if (*orig == 0)
	+ return (bfd_vma) 0;
	+
	errno = 0;
	ul = strtoul (pp, (char *) pp, 0);
	if (ul + 1 != 0 \|\| errno == 0)
	@@ -1975,9 +1979,17 @@ parse_stab_enum_type (void dhandle, const char *pp)
	bfd_signed_vma val;

	p = *pp;
	- while (*p != ':')
	+ while (p != ':' && p != 0)
	++p;

	+ if (*p == 0)
	+ {
	+ bad_stab (orig);
	+ free (names);
	+ free (values);
	+ return DEBUG_TYPE_NULL;
	+ }
	+
	name = savestring (pp, p - pp);

	*pp = p + 1;
	--
	2.11.0