| From 4da598a472e1d298825035e452e3bc68f714311c Mon Sep 17 00:00:00 2001 |
| From: Nick Clifton <nickc@redhat.com> |
| Date: Tue, 14 Feb 2017 14:07:29 +0000 |
| Subject: Fix handling of corrupt STABS enum type strings. |
| |
| PR binutils/21157 |
| * stabs.c (parse_stab_enum_type): Check for corrupt NAME:VALUE |
| pairs. |
| (parse_number): Exit early if passed an empty string. |
| |
| CVE: CVE-2017-7210 |
| Upstream-Status: Backport [master] |
| |
| Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com> |
| --- |
| binutils/ChangeLog | 7 +++++++ |
| binutils/stabs.c | 14 +++++++++++++- |
| 2 files changed, 20 insertions(+), 1 deletion(-) |
| |
| diff --git a/binutils/ChangeLog b/binutils/ChangeLog |
| index cf92744c12..0045fbaaa6 100644 |
| --- a/binutils/ChangeLog |
| +++ b/binutils/ChangeLog |
| @@ -1,3 +1,10 @@ |
| +2017-02-14 Nick Clifton <nickc@redhat.com> |
| + |
| + PR binutils/21157 |
| + * stabs.c (parse_stab_enum_type): Check for corrupt NAME:VALUE |
| + pairs. |
| + (parse_number): Exit early if passed an empty string. |
| + |
| 2017-02-13 Nick Clifton <nickc@redhat.com> |
| |
| PR binutils/21135 |
| diff --git a/binutils/stabs.c b/binutils/stabs.c |
| index f5c5d2d8e0..5d013cc361 100644 |
| --- a/binutils/stabs.c |
| +++ b/binutils/stabs.c |
| @@ -232,6 +232,10 @@ parse_number (const char **pp, bfd_boolean *poverflow) |
| |
| orig = *pp; |
| |
| + /* Stop early if we are passed an empty string. */ |
| + if (*orig == 0) |
| + return (bfd_vma) 0; |
| + |
| errno = 0; |
| ul = strtoul (*pp, (char **) pp, 0); |
| if (ul + 1 != 0 || errno == 0) |
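Review bot: The early return at `if (*orig == 0)` hands back 0 without moving `*pp`, so a caller cannot tell an empty string from a successfully parsed `0` unless it checks the character `*pp` points at afterwards. The comment should state that contract, for example `/* Stop early if we are passed an empty string; *pp is left unchanged and 0 is returned, so callers must check the delimiter. */`. Whether `*poverflow` has already been initialised when this return is taken cannot be seen here, because parse_number starts and ends outside the hunk; it is worth confirming that the assignment precedes `orig = *pp`.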
| @@ -1975,9 +1979,17 @@ parse_stab_enum_type (void *dhandle, const char **pp) |
| bfd_signed_vma val; |
| |
| p = *pp; |
| - while (*p != ':') |
| + while (*p != ':' && *p != 0) |
| ++p; |
| |
| + if (*p == 0) |
| + { |
| + bad_stab (orig); |
| + free (names); |
| + free (values); |
| + return DEBUG_TYPE_NULL; |
| + } |
| + |
| name = savestring (*pp, p - *pp); |
| |
| *pp = p + 1; |
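Review bot: The new `if (*p == 0)` bail-out frees the `names` and `values` arrays but not the strings stored in `names`, so any entries saved by `savestring` on earlier passes would leak on this corrupt-input path. This is inferred, since the loop that fills the array lies outside the hunk. If so, release the stored entries before `free (names)`, or confirm that the function's other error returns accept the same leak. The block would also benefit from a comment such as `/* No ':' before the terminator: the NAME:VALUE pair is truncated. */`, because the added `*p != 0` test is what stops the scan from running past the end of the stab string. parse_stab_enum_type begins and ends outside the hunk.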
| -- |
| 2.11.0 |
| |