2 files changed, 49 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.29.1.inc b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
index bd25a525be..cdfbd26c46 100644
--- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
@@ -44,6 +44,7 @@ SRC_URI = "\
     file://CVE-2017-14938.patch \
     file://CVE-2017-14939.patch \
     file://CVE-2017-14940.patch \
+     file://CVE-2017-15021.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15021.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15021.patch
new file mode 100644
index 0000000000..caca7b107e
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15021.patch
@@ -0,0 +1,48 @@
+From 52b36c51e5bf6d7600fdc6ba115b170b0e78e31d Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sun, 24 Sep 2017 21:36:18 +0930
+Subject: [PATCH] PR22197, buffer overflow in bfd_get_debug_link_info_1
+        PR 22197
+        * opncls.c (bfd_get_debug_link_info_1): Properly check that crc is
+        within section bounds.
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-15021
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/opncls.c  | 2 +-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+Index: git/bfd/opncls.c
+===================================================================
+--- git.orig/bfd/opncls.c
+++ git/bfd/opncls.c
+@@ -1200,7 +1200,7 @@ bfd_get_debug_link_info_1 (bfd *abfd, vo
+   /* PR 17597: avoid reading off the end of the buffer.  */
+   crc_offset = strnlen (name, bfd_get_section_size (sect)) + 1;
+   crc_offset = (crc_offset + 3) & ~3;
+-  if (crc_offset >= bfd_get_section_size (sect))
+  if (crc_offset + 4 > bfd_get_section_size (sect))
+     return NULL;
+ 
+   *crc32 = bfd_get_32 (abfd, contents + crc_offset);
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
+++ git/bfd/ChangeLog
+@@ -1,5 +1,11 @@
+ 2017-09-24  Alan Modra  <amodra@gmail.com>
+  
+       PR 22197
+       * opncls.c (bfd_get_debug_link_info_1): Properly check that crc is
+       within section bounds.
+
+2017-09-24  Alan Modra  <amodra@gmail.com>
+ 
+        PR 22167
+        * dwarf2.c (scan_unit_for_symbols): Check u.blk->data is non-NULL.
+

diff --git a/meta/recipes-devtools/binutils/binutils-2.29.1.inc b/meta/recipes-devtools/binutils/binutils-2.29.1.inc index bd25a525be..cdfbd26c46 100644 --- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc +++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
@@ -44,6 +44,7 @@ SRC_URI = "\
44	file://CVE-2017-14938.patch \	44	file://CVE-2017-14938.patch \
45	file://CVE-2017-14939.patch \	45	file://CVE-2017-14939.patch \
46	file://CVE-2017-14940.patch \	46	file://CVE-2017-14940.patch \
		47	file://CVE-2017-15021.patch \
47	"	48	"
48	S = "${WORKDIR}/git"	49	S = "${WORKDIR}/git"
49		50


diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15021.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15021.patch new file mode 100644 index 0000000000..caca7b107e --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15021.patch
@@ -0,0 +1,48 @@
		1	From 52b36c51e5bf6d7600fdc6ba115b170b0e78e31d Mon Sep 17 00:00:00 2001
		2	From: Alan Modra <amodra@gmail.com>
		3	Date: Sun, 24 Sep 2017 21:36:18 +0930
		4	Subject: [PATCH] PR22197, buffer overflow in bfd_get_debug_link_info_1
		5
		6	PR 22197
		7	* opncls.c (bfd_get_debug_link_info_1): Properly check that crc is
		8	within section bounds.
		9
		10	Upstream-Status: Backport
		11	Affects: <= 2.29.1
		12	CVE: CVE-2017-15021
		13	Signed-off-by: Armin Kuster <akuster@mvista.com>
		14
		15	---
		16	bfd/ChangeLog \| 6 ++++++
		17	bfd/opncls.c \| 2 +-
		18	2 files changed, 7 insertions(+), 1 deletion(-)
		19
		20	Index: git/bfd/opncls.c
		21	===================================================================
		22	--- git.orig/bfd/opncls.c
		23	+++ git/bfd/opncls.c
		24	@@ -1200,7 +1200,7 @@ bfd_get_debug_link_info_1 (bfd *abfd, vo
		25	/* PR 17597: avoid reading off the end of the buffer. */
		26	crc_offset = strnlen (name, bfd_get_section_size (sect)) + 1;
		27	crc_offset = (crc_offset + 3) & ~3;
		28	- if (crc_offset >= bfd_get_section_size (sect))
		29	+ if (crc_offset + 4 > bfd_get_section_size (sect))
		30	return NULL;
		31
		32	*crc32 = bfd_get_32 (abfd, contents + crc_offset);
		33	Index: git/bfd/ChangeLog
		34	===================================================================
		35	--- git.orig/bfd/ChangeLog
		36	+++ git/bfd/ChangeLog
		37	@@ -1,5 +1,11 @@
		38	2017-09-24 Alan Modra <amodra@gmail.com>
		39
		40	+ PR 22197
		41	+ * opncls.c (bfd_get_debug_link_info_1): Properly check that crc is
		42	+ within section bounds.
		43	+
		44	+2017-09-24 Alan Modra <amodra@gmail.com>
		45	+
		46	PR 22167
		47	* dwarf2.c (scan_unit_for_symbols): Check u.blk->data is non-NULL.
		48