1 files changed, 58 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-17122.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-17122.patch
new file mode 100644
index 0000000000..5ae749bcca
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-17122.patch
@@ -0,0 +1,58 @@
+From d785b7d4b877ed465d04072e17ca19d0f47d840f Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 29 Nov 2017 12:40:43 +0000
+Subject: [PATCH] Stop objdump from attempting to allocate a huge chunk of
+ memory when parsing relocs in a corrupt file.
+        PR 22508
+        * objdump.c (dump_relocs_in_section): Also check the section's
+        relocation count to make sure that it is reasonable before
+        attempting to allocate space for the relocs.
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE:  CVE-2017-17122
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ binutils/ChangeLog |  7 +++++++
+ binutils/objdump.c | 11 ++++++++++-
+ 2 files changed, 17 insertions(+), 1 deletion(-)
+Index: git/binutils/objdump.c
+===================================================================
+--- git.orig/binutils/objdump.c
+++ git/binutils/objdump.c
+@@ -3381,7 +3381,16 @@ dump_relocs_in_section (bfd *abfd,
+     }
+ 
+   if ((bfd_get_file_flags (abfd) & (BFD_IN_MEMORY | BFD_LINKER_CREATED)) == 0
+-      && (ufile_ptr) relsize > bfd_get_file_size (abfd))
+      && (((ufile_ptr) relsize > bfd_get_file_size (abfd))
+         /* Also check the section's reloc count since if this is negative
+            (or very large) the computation in bfd_get_reloc_upper_bound
+            may have resulted in returning a small, positive integer.
+            See PR 22508 for a reproducer.
+
+            Note - we check against file size rather than section size as
+            it is possible for there to be more relocs that apply to a
+            section than there are bytes in that section.  */
+         || (section->reloc_count > bfd_get_file_size (abfd))))
+     {
+       printf (" (too many: 0x%x)\n", section->reloc_count);
+       bfd_set_error (bfd_error_file_truncated);
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog
+++ git/binutils/ChangeLog
+@@ -1,3 +1,10 @@
+2017-11-29  Nick Clifton  <nickc@redhat.com>
+
+       PR 22508
+       * objdump.c (dump_relocs_in_section): Also check the section's
+       relocation count to make sure that it is reasonable before
+       attempting to allocate space for the relocs.
+
+ 2017-11-02  Mingi Cho  <mgcho.minic@gmail.com>
+ 
+        PR 22384

diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-17122.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-17122.patch new file mode 100644 index 0000000000..5ae749bcca --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-17122.patch
@@ -0,0 +1,58 @@
	1	From d785b7d4b877ed465d04072e17ca19d0f47d840f Mon Sep 17 00:00:00 2001
	2	From: Nick Clifton <nickc@redhat.com>
	3	Date: Wed, 29 Nov 2017 12:40:43 +0000
	4	Subject: [PATCH] Stop objdump from attempting to allocate a huge chunk of
	5	memory when parsing relocs in a corrupt file.
	6
	7	PR 22508
	8	* objdump.c (dump_relocs_in_section): Also check the section's
	9	relocation count to make sure that it is reasonable before
	10	attempting to allocate space for the relocs.
	11
	12	Upstream-Status: Backport
	13	Affects: <= 2.29.1
	14	CVE: CVE-2017-17122
	15	Signed-off-by: Armin Kuster <akuster@mvista.com>
	16
	17	---
	18	binutils/ChangeLog \| 7 +++++++
	19	binutils/objdump.c \| 11 ++++++++++-
	20	2 files changed, 17 insertions(+), 1 deletion(-)
	21
	22	Index: git/binutils/objdump.c
	23	===================================================================
	24	--- git.orig/binutils/objdump.c
	25	+++ git/binutils/objdump.c
	26	@@ -3381,7 +3381,16 @@ dump_relocs_in_section (bfd *abfd,
	27	}
	28
	29	if ((bfd_get_file_flags (abfd) & (BFD_IN_MEMORY \| BFD_LINKER_CREATED)) == 0
	30	- && (ufile_ptr) relsize > bfd_get_file_size (abfd))
	31	+ && (((ufile_ptr) relsize > bfd_get_file_size (abfd))
	32	+ /* Also check the section's reloc count since if this is negative
	33	+ (or very large) the computation in bfd_get_reloc_upper_bound
	34	+ may have resulted in returning a small, positive integer.
	35	+ See PR 22508 for a reproducer.
	36	+
	37	+ Note - we check against file size rather than section size as
	38	+ it is possible for there to be more relocs that apply to a
	39	+ section than there are bytes in that section. */
	40	+ \|\| (section->reloc_count > bfd_get_file_size (abfd))))
	41	{
	42	printf (" (too many: 0x%x)\n", section->reloc_count);
	43	bfd_set_error (bfd_error_file_truncated);
	44	Index: git/binutils/ChangeLog
	45	===================================================================
	46	--- git.orig/binutils/ChangeLog
	47	+++ git/binutils/ChangeLog
	48	@@ -1,3 +1,10 @@
	49	+2017-11-29 Nick Clifton <nickc@redhat.com>
	50	+
	51	+ PR 22508
	52	+ * objdump.c (dump_relocs_in_section): Also check the section's
	53	+ relocation count to make sure that it is reasonable before
	54	+ attempting to allocate space for the relocs.
	55	+
	56	2017-11-02 Mingi Cho <mgcho.minic@gmail.com>
	57
	58	PR 22384