1 files changed, 64 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2022-47008.patch b/meta/recipes-devtools/binutils/binutils/CVE-2022-47008.patch
new file mode 100644
index 0000000000..9527390ccf
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-47008.patch
@@ -0,0 +1,64 @@
+From d6e1d48c83b165c129cb0aa78905f7ca80a1f682 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Fri, 17 Jun 2022 09:13:38 +0930
+Subject: [PATCH] PR29255, memory leak in make_tempdir
+        PR 29255
+        * bucomm.c (make_tempdir, make_tempname): Free template on all
+        failure paths.
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=d6e1d48c83b165c129cb0aa78905f7ca80a1f682]
+CVE: CVE-2022-47008
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+Comment: Patch refreshed based on codebase.
+---
+ binutils/bucomm.c | 20 +++++++++++---------
+ 1 file changed, 11 insertions(+), 9 deletions(-)
+diff --git a/binutils/bucomm.c b/binutils/bucomm.c
+index fdc2209df9c..4395cb9f7f5 100644
+--- a/binutils/bucomm.c
+++ b/binutils/bucomm.c
+@@ -542,8 +542,9 @@
+ #else
+   tmpname = mktemp (tmpname);
+   if (tmpname == NULL)
+-    return NULL;
+-  fd = open (tmpname, O_RDWR | O_CREAT | O_EXCL, 0600);
+    fd = -1;
+  else
+    fd = open (tmpname, O_RDWR | O_CREAT | O_EXCL, 0600);
+ #endif
+   if (fd == -1)
+     {
+@@ -561,22 +562,23 @@
+ make_tempdir (const char *filename)
+ {
+   char *tmpname = template_in_dir (filename);
+  char *ret;
+ 
+ #ifdef HAVE_MKDTEMP
+-  return mkdtemp (tmpname);
+  ret = mkdtemp (tmpname);
+ #else
+-  tmpname = mktemp (tmpname);
+-  if (tmpname == NULL)
+-    return NULL;
+  ret = mktemp (tmpname);
+ #if defined (_WIN32) && !defined (__CYGWIN32__)
+   if (mkdir (tmpname) != 0)
+-    return NULL;
+    ret = NULL;
+ #else
+   if (mkdir (tmpname, 0700) != 0)
+-    return NULL;
+    ret = NULL;
+ #endif
+-  return tmpname;
+ #endif
+  if (ret == NULL)
+    free (tmpname);
+  return ret;
+ }
+ 
+ /* Parse a string into a VMA, with a fatal error if it can't be

diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2022-47008.patch b/meta/recipes-devtools/binutils/binutils/CVE-2022-47008.patch new file mode 100644 index 0000000000..9527390ccf --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-47008.patch
@@ -0,0 +1,64 @@
	1	From d6e1d48c83b165c129cb0aa78905f7ca80a1f682 Mon Sep 17 00:00:00 2001
	2	From: Alan Modra <amodra@gmail.com>
	3	Date: Fri, 17 Jun 2022 09:13:38 +0930
	4	Subject: [PATCH] PR29255, memory leak in make_tempdir
	5
	6	PR 29255
	7	* bucomm.c (make_tempdir, make_tempname): Free template on all
	8	failure paths.
	9	Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=d6e1d48c83b165c129cb0aa78905f7ca80a1f682]
	10	CVE: CVE-2022-47008
	11	Signed-off-by: Virendra Thakur <virendrak@kpit.com>
	12	Comment: Patch refreshed based on codebase.
	13	---
	14	binutils/bucomm.c \| 20 +++++++++++---------
	15	1 file changed, 11 insertions(+), 9 deletions(-)
	16
	17	diff --git a/binutils/bucomm.c b/binutils/bucomm.c
	18	index fdc2209df9c..4395cb9f7f5 100644
	19	--- a/binutils/bucomm.c
	20	+++ b/binutils/bucomm.c
	21	@@ -542,8 +542,9 @@
	22	#else
	23	tmpname = mktemp (tmpname);
	24	if (tmpname == NULL)
	25	- return NULL;
	26	- fd = open (tmpname, O_RDWR \| O_CREAT \| O_EXCL, 0600);
	27	+ fd = -1;
	28	+ else
	29	+ fd = open (tmpname, O_RDWR \| O_CREAT \| O_EXCL, 0600);
	30	#endif
	31	if (fd == -1)
	32	{
	33	@@ -561,22 +562,23 @@
	34	make_tempdir (const char *filename)
	35	{
	36	char *tmpname = template_in_dir (filename);
	37	+ char *ret;
	38
	39	#ifdef HAVE_MKDTEMP
	40	- return mkdtemp (tmpname);
	41	+ ret = mkdtemp (tmpname);
	42	#else
	43	- tmpname = mktemp (tmpname);
	44	- if (tmpname == NULL)
	45	- return NULL;
	46	+ ret = mktemp (tmpname);
	47	#if defined (_WIN32) && !defined (__CYGWIN32__)
	48	if (mkdir (tmpname) != 0)
	49	- return NULL;
	50	+ ret = NULL;
	51	#else
	52	if (mkdir (tmpname, 0700) != 0)
	53	- return NULL;
	54	+ ret = NULL;
	55	#endif
	56	- return tmpname;
	57	#endif
	58	+ if (ret == NULL)
	59	+ free (tmpname);
	60	+ return ret;
	61	}
	62
	63	/* Parse a string into a VMA, with a fatal error if it can't be
	64