1 files changed, 58 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9954.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9954.patch
new file mode 100644
index 0000000000..26515721e3
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9954.patch
@@ -0,0 +1,58 @@
+commit 04e15b4a9462cb1ae819e878a6009829aab8020b
+Author: Nick Clifton <nickc@redhat.com>
+Date:   Mon Jun 26 15:46:34 2017 +0100
+    Fix address violation parsing a corrupt texhex format file.
+    
+        PR binutils/21670
+        * tekhex.c (getvalue): Check for the source pointer exceeding the
+        end pointer before the first byte is read.
+Upstream-Status: Backport
+CVE: CVE-2017-9954
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+Index: git/bfd/tekhex.c
+===================================================================
+--- git.orig/bfd/tekhex.c       2017-09-21 16:19:42.570877476 +0530
+++ git/bfd/tekhex.c    2017-09-21 16:20:06.878964516 +0530
+@@ -273,6 +273,9 @@
+   bfd_vma value = 0;
+   unsigned int len;
+ 
+  if (src >= endp)
+    return FALSE;
+
+   if (!ISHEX (*src))
+     return FALSE;
+ 
+@@ -514,9 +517,10 @@
+   /* To the front of the file.  */
+   if (bfd_seek (abfd, (file_ptr) 0, SEEK_SET) != 0)
+     return FALSE;
+
+   while (! is_eof)
+     {
+-      char src[MAXCHUNK];
+      static char src[MAXCHUNK];
+       char type;
+ 
+       /* Find first '%'.  */
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog      2017-09-21 16:20:06.822964309 +0530
+++ git/bfd/ChangeLog   2017-09-21 16:22:29.383577439 +0530
+@@ -55,6 +55,12 @@
+        correct magic bytes at the start, set the error to wrong format
+        and clear the format selector before returning NULL.
+ 
+2017-06-26  Nick Clifton  <nickc@redhat.com>
+
+       PR binutils/21670
+       * tekhex.c (getvalue): Check for the source pointer exceeding the
+       end pointer before the first byte is read.
+
+  2017-06-21  Nick Clifton  <nickc@redhat.com>
+  
+        PR binutils/21637

diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9954.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9954.patch new file mode 100644 index 0000000000..26515721e3 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9954.patch
@@ -0,0 +1,58 @@
	1	commit 04e15b4a9462cb1ae819e878a6009829aab8020b
	2	Author: Nick Clifton <nickc@redhat.com>
	3	Date: Mon Jun 26 15:46:34 2017 +0100
	4
	5	Fix address violation parsing a corrupt texhex format file.
	6
	7	PR binutils/21670
	8	* tekhex.c (getvalue): Check for the source pointer exceeding the
	9	end pointer before the first byte is read.
	10
	11	Upstream-Status: Backport
	12
	13	CVE: CVE-2017-9954
	14	Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
	15
	16	Index: git/bfd/tekhex.c
	17	===================================================================
	18	--- git.orig/bfd/tekhex.c 2017-09-21 16:19:42.570877476 +0530
	19	+++ git/bfd/tekhex.c 2017-09-21 16:20:06.878964516 +0530
	20	@@ -273,6 +273,9 @@
	21	bfd_vma value = 0;
	22	unsigned int len;
	23
	24	+ if (src >= endp)
	25	+ return FALSE;
	26	+
	27	if (!ISHEX (*src))
	28	return FALSE;
	29
	30	@@ -514,9 +517,10 @@
	31	/* To the front of the file. */
	32	if (bfd_seek (abfd, (file_ptr) 0, SEEK_SET) != 0)
	33	return FALSE;
	34	+
	35	while (! is_eof)
	36	{
	37	- char src[MAXCHUNK];
	38	+ static char src[MAXCHUNK];
	39	char type;
	40
	41	/* Find first '%'. */
	42	Index: git/bfd/ChangeLog
	43	===================================================================
	44	--- git.orig/bfd/ChangeLog 2017-09-21 16:20:06.822964309 +0530
	45	+++ git/bfd/ChangeLog 2017-09-21 16:22:29.383577439 +0530
	46	@@ -55,6 +55,12 @@
	47	correct magic bytes at the start, set the error to wrong format
	48	and clear the format selector before returning NULL.
	49
	50	+2017-06-26 Nick Clifton <nickc@redhat.com>
	51	+
	52	+ PR binutils/21670
	53	+ * tekhex.c (getvalue): Check for the source pointer exceeding the
	54	+ end pointer before the first byte is read.
	55	+
	56	2017-06-21 Nick Clifton <nickc@redhat.com>
	57
	58	PR binutils/21637