binutls: Security fix for CVE-2017-9755

Affects: <= 2.28

(From OE-Core rev: 2a1da95cf865de024d278178b28e58a299526121)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2 files changed, 64 insertions, 0 deletions

diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc b/meta/recipes-devtools/binutils/binutils-2.28.inc
index c6ef6478aa..b4299c8897 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -65,6 +65,7 @@ SRC_URI = "\
      file://CVE-2017-9751.patch \
      file://CVE-2017-9752.patch \
      file://CVE-2017-9753.patch \
+     file://CVE-2017-9755.patch \
 "
 S  = "${WORKDIR}/git"
 
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9755.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9755.patch
new file mode 100644
index 0000000000..15dc9090d8
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9755.patch
@@ -0,0 +1,63 @@
+From 0d96e4df4812c3bad77c229dfef47a9bc115ac12 Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Thu, 15 Jun 2017 06:40:17 -0700
+Subject: [PATCH] i386-dis: Check valid bnd register
+
+Since there are only 4 bnd registers, return "(bad)" for register
+number > 3.
+
+        PR binutils/21594
+        * i386-dis.c (OP_E_register): Check valid bnd register.
+        (OP_G): Likewise.
+
+Upstream-Status: Backport 
+CVE: CVE-2017-9755
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ opcodes/ChangeLog  |  6 ++++++
+ opcodes/i386-dis.c | 10 ++++++++++
+ 2 files changed, 16 insertions(+)
+
+Index: git/opcodes/ChangeLog
+===================================================================
+--- git.orig/opcodes/ChangeLog
++++ git/opcodes/ChangeLog
+@@ -1,3 +1,9 @@
++2017-06-15  H.J. Lu  <hongjiu.lu@intel.com>
++
++       PR binutils/21594
++       * i386-dis.c (OP_E_register): Check valid bnd register.
++       (OP_G): Likewise.
++
+ 2017-06-15  Nick Clifton  <nickc@redhat.com>
+ 
+        PR binutils/21588
+Index: git/opcodes/i386-dis.c
+===================================================================
+--- git.orig/opcodes/i386-dis.c
++++ git/opcodes/i386-dis.c
+@@ -14939,6 +14939,11 @@ OP_E_register (int bytemode, int sizefla
+       names = address_mode == mode_64bit ? names64 : names32;
+       break;
+     case bnd_mode:
++      if (reg > 0x3)
++       {
++         oappend ("(bad)");
++         return;
++       }
+       names = names_bnd;
+       break;
+     case indir_v_mode:
+@@ -15483,6 +15488,11 @@ OP_G (int bytemode, int sizeflag)
+       oappend (names64[modrm.reg + add]);
+       break;
+     case bnd_mode:
++      if (modrm.reg > 0x3)
++       {
++         oappend ("(bad)");
++         return;
++       }
+       oappend (names_bnd[modrm.reg]);
+       break;
+     case v_mode: