binutls: Security fix CVE-2018-10535

Affects <= 2.30

(From OE-Core rev: 1ff22881249591d64fe61353a4d97ab91dc8efa0)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2 files changed, 62 insertions, 0 deletions

diff --git a/meta/recipes-devtools/binutils/binutils-2.30.inc b/meta/recipes-devtools/binutils/binutils-2.30.inc
index 8693757e18..f8ac1ca26b 100644
--- a/meta/recipes-devtools/binutils/binutils-2.30.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.30.inc
@@ -45,6 +45,7 @@ SRC_URI = "\
      file://CVE-2018-7568.patch \
      file://CVE-2018-10373.patch \
      file://CVE-2018-10372.patch \
+     file://CVE-2018-10535.patch \
 "
 S  = "${WORKDIR}/git"
 
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-10535.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-10535.patch
new file mode 100644
index 0000000000..fa8fbd2aee
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-10535.patch
@@ -0,0 +1,61 @@
+From db0c309f4011ca94a4abc8458e27f3734dab92ac Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 24 Apr 2018 16:57:04 +0100
+Subject: [PATCH] Fix an illegal memory access when trying to copy an ELF
+ binary with corrupt section symbols.
+
+        PR 23113
+        * elf.c (ignore_section_sym): Check for the output_section pointer
+        being NULL before dereferencing it.
+
+Upstream-Status: Backport
+CVE: CVE-2018-10535
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 4 ++++
+ bfd/elf.c     | 9 ++++++++-
+ 2 files changed, 12 insertions(+), 1 deletion(-)
+
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c
++++ git/bfd/elf.c
+@@ -4021,15 +4021,22 @@ ignore_section_sym (bfd *abfd, asymbol *
+ {
+   elf_symbol_type *type_ptr;
+ 
++  if (sym == NULL)
++    return FALSE;
++
+   if ((sym->flags & BSF_SECTION_SYM) == 0)
+     return FALSE;
+ 
++  if (sym->section == NULL)
++    return TRUE;
++
+   type_ptr = elf_symbol_from (abfd, sym);
+   return ((type_ptr != NULL
+           && type_ptr->internal_elf_sym.st_shndx != 0
+           && bfd_is_abs_section (sym->section))
+          || !(sym->section->owner == abfd
+-              || (sym->section->output_section->owner == abfd
++              || (sym->section->output_section != NULL
++                  && sym->section->output_section->owner == abfd
+                   && sym->section->output_offset == 0)
+               || bfd_is_abs_section (sym->section)));
+ }
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2018-04-24  Nick Clifton  <nickc@redhat.com>
++
++       PR 23113
++       * elf.c (ignore_section_sym): Check for the output_section pointer
++       being NULL before dereferencing it.
++
+ 2018-04-17  Nick Clifton  <nickc@redhat.com>
+ 
+        PR 23065