1 files changed, 64 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14938.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14938.patch
new file mode 100644
index 0000000000..e62c73c06d
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14938.patch
@@ -0,0 +1,64 @@
+From bd61e135492ecf624880e6b78e5fcde3c9716df6 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sun, 24 Sep 2017 14:34:57 +0930
+Subject: [PATCH] PR22166, SHT_GNU_verneed memory allocation
+The sanity check covers the previous minimim size, plus that the size
+is at least enough for sh_info verneed entries.
+Also, since we write all verneed fields or exit with an error, there
+isn't any need to zero the memory allocated for verneed entries.
+        PR 22166
+        * elf.c (_bfd_elf_slurp_version_tables): Test sh_info on
+        SHT_GNU_verneed section for sanity.  Don't zalloc memory for
+        verref.
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-14938
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ bfd/ChangeLog | 7 +++++++
+ bfd/elf.c     | 5 +++--
+ 2 files changed, 10 insertions(+), 2 deletions(-)
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c
+++ git/bfd/elf.c
+@@ -8198,7 +8198,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd
+ 
+       hdr = &elf_tdata (abfd)->dynverref_hdr;
+ 
+-      if (hdr->sh_info == 0 || hdr->sh_size < sizeof (Elf_External_Verneed))
+      if (hdr->sh_info == 0
+         || hdr->sh_info > hdr->sh_size / sizeof (Elf_External_Verneed))
+        {
+ error_return_bad_verref:
+          _bfd_error_handler
+@@ -8219,7 +8220,7 @@ error_return_verref:
+        goto error_return_verref;
+ 
+       elf_tdata (abfd)->verref = (Elf_Internal_Verneed *)
+-       bfd_zalloc2 (abfd, hdr->sh_info, sizeof (Elf_Internal_Verneed));
+       bfd_alloc2 (abfd, hdr->sh_info, sizeof (Elf_Internal_Verneed));
+ 
+       if (elf_tdata (abfd)->verref == NULL)
+        goto error_return_verref;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
+++ git/bfd/ChangeLog
+@@ -1,3 +1,10 @@
+2017-09-24  Alan Modra  <amodra@gmail.com>
+
+       PR 22166
+       * elf.c (_bfd_elf_slurp_version_tables): Test sh_info on
+       SHT_GNU_verneed section for sanity.  Don't zalloc memory for
+       verref.
+
+ 2017-09-26  Alan Modra  <amodra@gmail.com>
+ 
+        PR 22210

diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14938.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14938.patch new file mode 100644 index 0000000000..e62c73c06d --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14938.patch
@@ -0,0 +1,64 @@
	1	From bd61e135492ecf624880e6b78e5fcde3c9716df6 Mon Sep 17 00:00:00 2001
	2	From: Alan Modra <amodra@gmail.com>
	3	Date: Sun, 24 Sep 2017 14:34:57 +0930
	4	Subject: [PATCH] PR22166, SHT_GNU_verneed memory allocation
	5
	6	The sanity check covers the previous minimim size, plus that the size
	7	is at least enough for sh_info verneed entries.
	8
	9	Also, since we write all verneed fields or exit with an error, there
	10	isn't any need to zero the memory allocated for verneed entries.
	11
	12	PR 22166
	13	* elf.c (_bfd_elf_slurp_version_tables): Test sh_info on
	14	SHT_GNU_verneed section for sanity. Don't zalloc memory for
	15	verref.
	16
	17	Upstream-Status: Backport
	18	Affects: <= 2.29.1
	19	CVE: CVE-2017-14938
	20	Signed-off-by: Armin Kuster <akuster@mvista.com>
	21
	22	---
	23	bfd/ChangeLog \| 7 +++++++
	24	bfd/elf.c \| 5 +++--
	25	2 files changed, 10 insertions(+), 2 deletions(-)
	26
	27	Index: git/bfd/elf.c
	28	===================================================================
	29	--- git.orig/bfd/elf.c
	30	+++ git/bfd/elf.c
	31	@@ -8198,7 +8198,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd
	32
	33	hdr = &elf_tdata (abfd)->dynverref_hdr;
	34
	35	- if (hdr->sh_info == 0 \|\| hdr->sh_size < sizeof (Elf_External_Verneed))
	36	+ if (hdr->sh_info == 0
	37	+ \|\| hdr->sh_info > hdr->sh_size / sizeof (Elf_External_Verneed))
	38	{
	39	error_return_bad_verref:
	40	_bfd_error_handler
	41	@@ -8219,7 +8220,7 @@ error_return_verref:
	42	goto error_return_verref;
	43
	44	elf_tdata (abfd)->verref = (Elf_Internal_Verneed *)
	45	- bfd_zalloc2 (abfd, hdr->sh_info, sizeof (Elf_Internal_Verneed));
	46	+ bfd_alloc2 (abfd, hdr->sh_info, sizeof (Elf_Internal_Verneed));
	47
	48	if (elf_tdata (abfd)->verref == NULL)
	49	goto error_return_verref;
	50	Index: git/bfd/ChangeLog
	51	===================================================================
	52	--- git.orig/bfd/ChangeLog
	53	+++ git/bfd/ChangeLog
	54	@@ -1,3 +1,10 @@
	55	+2017-09-24 Alan Modra <amodra@gmail.com>
	56	+
	57	+ PR 22166
	58	+ * elf.c (_bfd_elf_slurp_version_tables): Test sh_info on
	59	+ SHT_GNU_verneed section for sanity. Don't zalloc memory for
	60	+ verref.
	61	+
	62	2017-09-26 Alan Modra <amodra@gmail.com>
	63
	64	PR 22210