2 files changed, 72 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc b/meta/recipes-devtools/binutils/binutils-2.28.inc
index ed571b39e8..40b518bf7a 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -42,6 +42,7 @@ SRC_URI = "\
     file://CVE-2017-6969.patch \
     file://CVE-2017-6969_2.patch \
     file://CVE-2017-7209.patch \
+     file://CVE-2017-7210.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7210.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7210.patch
new file mode 100644
index 0000000000..8791792c7c
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7210.patch
@@ -0,0 +1,71 @@
+From 4da598a472e1d298825035e452e3bc68f714311c Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 14 Feb 2017 14:07:29 +0000
+Subject: Fix handling of corrupt STABS enum type strings.
+        PR binutils/21157
+        * stabs.c (parse_stab_enum_type): Check for corrupt NAME:VALUE
+        pairs.
+        (parse_number): Exit early if passed an empty string.
+CVE: CVE-2017-7210
+Upstream-Status: Backport [master]
+Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
+---
+ binutils/ChangeLog |  7 +++++++
+ binutils/stabs.c   | 14 +++++++++++++-
+ 2 files changed, 20 insertions(+), 1 deletion(-)
+diff --git a/binutils/ChangeLog b/binutils/ChangeLog
+index cf92744c12..0045fbaaa6 100644
+--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
+@@ -1,3 +1,10 @@
+2017-02-14  Nick Clifton  <nickc@redhat.com>
+
+       PR binutils/21157
+       * stabs.c (parse_stab_enum_type): Check for corrupt NAME:VALUE
+       pairs.
+       (parse_number): Exit early if passed an empty string.
+
+ 2017-02-13  Nick Clifton  <nickc@redhat.com>
+ 
+        PR binutils/21135
+diff --git a/binutils/stabs.c b/binutils/stabs.c
+index f5c5d2d8e0..5d013cc361 100644
+--- a/binutils/stabs.c
+++ b/binutils/stabs.c
+@@ -232,6 +232,10 @@ parse_number (const char **pp, bfd_boolean *poverflow)
+ 
+   orig = *pp;
+ 
+  /* Stop early if we are passed an empty string.  */
+  if (*orig == 0)
+    return (bfd_vma) 0;
+
+   errno = 0;
+   ul = strtoul (*pp, (char **) pp, 0);
+   if (ul + 1 != 0 || errno == 0)
+@@ -1975,9 +1979,17 @@ parse_stab_enum_type (void *dhandle, const char **pp)
+       bfd_signed_vma val;
+ 
+       p = *pp;
+-      while (*p != ':')
+      while (*p != ':' && *p != 0)
+        ++p;
+ 
+      if (*p == 0)
+       {
+         bad_stab (orig);
+         free (names);
+         free (values);
+         return DEBUG_TYPE_NULL;
+       }
+
+       name = savestring (*pp, p - *pp);
+ 
+       *pp = p + 1;
+-- 
+2.11.0

diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc b/meta/recipes-devtools/binutils/binutils-2.28.inc index ed571b39e8..40b518bf7a 100644 --- a/meta/recipes-devtools/binutils/binutils-2.28.inc +++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -42,6 +42,7 @@ SRC_URI = "\
42	file://CVE-2017-6969.patch \	42	file://CVE-2017-6969.patch \
43	file://CVE-2017-6969_2.patch \	43	file://CVE-2017-6969_2.patch \
44	file://CVE-2017-7209.patch \	44	file://CVE-2017-7209.patch \
		45	file://CVE-2017-7210.patch \
45	"	46	"
46	S = "${WORKDIR}/git"	47	S = "${WORKDIR}/git"
47		48


diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7210.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7210.patch new file mode 100644 index 0000000000..8791792c7c --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7210.patch
@@ -0,0 +1,71 @@
		1	From 4da598a472e1d298825035e452e3bc68f714311c Mon Sep 17 00:00:00 2001
		2	From: Nick Clifton <nickc@redhat.com>
		3	Date: Tue, 14 Feb 2017 14:07:29 +0000
		4	Subject: Fix handling of corrupt STABS enum type strings.
		5
		6	PR binutils/21157
		7	* stabs.c (parse_stab_enum_type): Check for corrupt NAME:VALUE
		8	pairs.
		9	(parse_number): Exit early if passed an empty string.
		10
		11	CVE: CVE-2017-7210
		12	Upstream-Status: Backport [master]
		13
		14	Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
		15	---
		16	binutils/ChangeLog \| 7 +++++++
		17	binutils/stabs.c \| 14 +++++++++++++-
		18	2 files changed, 20 insertions(+), 1 deletion(-)
		19
		20	diff --git a/binutils/ChangeLog b/binutils/ChangeLog
		21	index cf92744c12..0045fbaaa6 100644
		22	--- a/binutils/ChangeLog
		23	+++ b/binutils/ChangeLog
		24	@@ -1,3 +1,10 @@
		25	+2017-02-14 Nick Clifton <nickc@redhat.com>
		26	+
		27	+ PR binutils/21157
		28	+ * stabs.c (parse_stab_enum_type): Check for corrupt NAME:VALUE
		29	+ pairs.
		30	+ (parse_number): Exit early if passed an empty string.
		31	+
		32	2017-02-13 Nick Clifton <nickc@redhat.com>
		33
		34	PR binutils/21135
		35	diff --git a/binutils/stabs.c b/binutils/stabs.c
		36	index f5c5d2d8e0..5d013cc361 100644
		37	--- a/binutils/stabs.c
		38	+++ b/binutils/stabs.c
		39	@@ -232,6 +232,10 @@ parse_number (const char *pp, bfd_boolean poverflow)
		40
		41	orig = *pp;
		42
		43	+ /* Stop early if we are passed an empty string. */
		44	+ if (*orig == 0)
		45	+ return (bfd_vma) 0;
		46	+
		47	errno = 0;
		48	ul = strtoul (pp, (char *) pp, 0);
		49	if (ul + 1 != 0 \|\| errno == 0)
		50	@@ -1975,9 +1979,17 @@ parse_stab_enum_type (void dhandle, const char *pp)
		51	bfd_signed_vma val;
		52
		53	p = *pp;
		54	- while (*p != ':')
		55	+ while (p != ':' && p != 0)
		56	++p;
		57
		58	+ if (*p == 0)
		59	+ {
		60	+ bad_stab (orig);
		61	+ free (names);
		62	+ free (values);
		63	+ return DEBUG_TYPE_NULL;
		64	+ }
		65	+
		66	name = savestring (pp, p - pp);
		67
		68	*pp = p + 1;
		69	--
		70	2.11.0
		71