1 files changed, 56 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-6969.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-6969.patch
new file mode 100644
index 0000000000..3d036c4cf6
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-6969.patch
@@ -0,0 +1,56 @@
+From 489246368e2c49a795ad5ecbc8895cbc854292fa Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Fri, 17 Feb 2017 15:59:45 +0000
+Subject: Fix illegal memory accesses in readelf when parsing a corrupt binary.
+        PR binutils/21156
+        * readelf.c (find_section_in_set): Test for invalid section
+        indicies.
+CVE: CVE-2017-6969
+Upstream-Status: Backport [master]
+Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
+---
+ binutils/ChangeLog |  6 ++++++
+ binutils/readelf.c | 10 ++++++++--
+ 2 files changed, 14 insertions(+), 2 deletions(-)
+diff --git a/binutils/ChangeLog b/binutils/ChangeLog
+index a70bdb7a7b..dbf8eb079e 100644
+--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
+@@ -1,3 +1,9 @@
+2017-02-17  Nick Clifton  <nickc@redhat.com>
+
+       PR binutils/21156
+       * readelf.c (find_section_in_set): Test for invalid section
+       indicies.
+
+ 2016-08-03  Tristan Gingold  <gingold@adacore.com>
+ 
+        * configure: Regenerate.
+diff --git a/binutils/readelf.c b/binutils/readelf.c
+index d31558c3b4..7f7365dbc5 100644
+--- a/binutils/readelf.c
+++ b/binutils/readelf.c
+@@ -674,8 +674,14 @@ find_section_in_set (const char * name, unsigned int * set)
+   if (set != NULL)
+     {
+       while ((i = *set++) > 0)
+-       if (streq (SECTION_NAME (section_headers + i), name))
+-         return section_headers + i;
+       {
+         /* See PR 21156 for a reproducer.  */
+         if (i >= elf_header.e_shnum)
+           continue; /* FIXME: Should we issue an error message ?  */
+
+         if (streq (SECTION_NAME (section_headers + i), name))
+           return section_headers + i;
+       }
+     }
+ 
+   return find_section (name);
+-- 
+2.11.0

diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-6969.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-6969.patch new file mode 100644 index 0000000000..3d036c4cf6 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-6969.patch
@@ -0,0 +1,56 @@
	1	From 489246368e2c49a795ad5ecbc8895cbc854292fa Mon Sep 17 00:00:00 2001
	2	From: Nick Clifton <nickc@redhat.com>
	3	Date: Fri, 17 Feb 2017 15:59:45 +0000
	4	Subject: Fix illegal memory accesses in readelf when parsing a corrupt binary.
	5
	6	PR binutils/21156
	7	* readelf.c (find_section_in_set): Test for invalid section
	8	indicies.
	9
	10	CVE: CVE-2017-6969
	11	Upstream-Status: Backport [master]
	12
	13	Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
	14	---
	15	binutils/ChangeLog \| 6 ++++++
	16	binutils/readelf.c \| 10 ++++++++--
	17	2 files changed, 14 insertions(+), 2 deletions(-)
	18
	19	diff --git a/binutils/ChangeLog b/binutils/ChangeLog
	20	index a70bdb7a7b..dbf8eb079e 100644
	21	--- a/binutils/ChangeLog
	22	+++ b/binutils/ChangeLog
	23	@@ -1,3 +1,9 @@
	24	+2017-02-17 Nick Clifton <nickc@redhat.com>
	25	+
	26	+ PR binutils/21156
	27	+ * readelf.c (find_section_in_set): Test for invalid section
	28	+ indicies.
	29	+
	30	2016-08-03 Tristan Gingold <gingold@adacore.com>
	31
	32	* configure: Regenerate.
	33	diff --git a/binutils/readelf.c b/binutils/readelf.c
	34	index d31558c3b4..7f7365dbc5 100644
	35	--- a/binutils/readelf.c
	36	+++ b/binutils/readelf.c
	37	@@ -674,8 +674,14 @@ find_section_in_set (const char * name, unsigned int * set)
	38	if (set != NULL)
	39	{
	40	while ((i = *set++) > 0)
	41	- if (streq (SECTION_NAME (section_headers + i), name))
	42	- return section_headers + i;
	43	+ {
	44	+ /* See PR 21156 for a reproducer. */
	45	+ if (i >= elf_header.e_shnum)
	46	+ continue; /* FIXME: Should we issue an error message ? */
	47	+
	48	+ if (streq (SECTION_NAME (section_headers + i), name))
	49	+ return section_headers + i;
	50	+ }
	51	}
	52
	53	return find_section (name);
	54	--
	55	2.11.0
	56