2 files changed, 56 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc
index a5122c5d5c..23aac6bd5e 100644
--- a/meta/recipes-devtools/binutils/binutils-2.27.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -70,6 +70,7 @@ SRC_URI = "\
     file://CVE-2017-8393.patch \
     file://CVE-2017-8395.patch \
     file://CVE-2017-8397.patch \
+     file://CVE-2017-7300.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7300.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7300.patch
new file mode 100644
index 0000000000..c4432e76b0
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7300.patch
@@ -0,0 +1,55 @@
+From 531336e3a0b79ed60cfc36ad2d6579b6a71175da Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Fri, 2 Dec 2016 16:41:14 +0000
+Subject: [PATCH] Fix seg-fault in the linker when examining a corrupt binary.
+        PR ld/20909
+        * aoutx.h (aout_link_add_symbols): Fix off-by-one error in check
+        for an illegal string offset.
+Upstream-Status: Backport
+CVE: CVE-2017-7300
+VER: < 2.27-r0.9.1
+Signed-off-by: Manjunath Matti <mmatti@mvista.com>
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/aoutx.h   | 3 +--
+ 2 files changed, 7 insertions(+), 2 deletions(-)
+diff --git a/bfd/ChangeLog b/bfd/ChangeLog
+index d061e66..c8085e7 100644
+--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
+@@ -175,6 +175,12 @@
+        * aoutx.h (find_nearest_line): Handle the case where the function
+        name is empty.
+ 
+2016-12-02  Nick Clifton  <nickc@redhat.com>
+
+       PR ld/20909
+       * aoutx.h (aout_link_add_symbols): Fix off-by-one error in check
+       for an illegal string offset.
+
+ 2016-08-02  Nick Clifton  <nickc@redhat.com>
+ 
+        PR ld/17739
+diff --git a/bfd/aoutx.h b/bfd/aoutx.h
+index 4308679..b9ac2b7 100644
+--- a/bfd/aoutx.h
+++ b/bfd/aoutx.h
+@@ -3031,10 +3031,9 @@ aout_link_add_symbols (bfd *abfd, struct bfd_link_info *info)
+        continue;
+ 
+       /* PR 19629: Corrupt binaries can contain illegal string offsets.  */
+-      if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd))
+      if (GET_WORD (abfd, p->e_strx) >= obj_aout_external_string_size (abfd))
+        return FALSE;
+       name = strings + GET_WORD (abfd, p->e_strx);
+-      
+       value = GET_WORD (abfd, p->e_value);
+       flags = BSF_GLOBAL;
+       string = NULL;
+-- 
+2.9.3

diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc index a5122c5d5c..23aac6bd5e 100644 --- a/meta/recipes-devtools/binutils/binutils-2.27.inc +++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -70,6 +70,7 @@ SRC_URI = "\
70	file://CVE-2017-8393.patch \	70	file://CVE-2017-8393.patch \
71	file://CVE-2017-8395.patch \	71	file://CVE-2017-8395.patch \
72	file://CVE-2017-8397.patch \	72	file://CVE-2017-8397.patch \
		73	file://CVE-2017-7300.patch \
73	"	74	"
74	S = "${WORKDIR}/git"	75	S = "${WORKDIR}/git"
75		76


diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7300.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7300.patch new file mode 100644 index 0000000000..c4432e76b0 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7300.patch
@@ -0,0 +1,55 @@
		1	From 531336e3a0b79ed60cfc36ad2d6579b6a71175da Mon Sep 17 00:00:00 2001
		2	From: Nick Clifton <nickc@redhat.com>
		3	Date: Fri, 2 Dec 2016 16:41:14 +0000
		4	Subject: [PATCH] Fix seg-fault in the linker when examining a corrupt binary.
		5
		6	PR ld/20909
		7	* aoutx.h (aout_link_add_symbols): Fix off-by-one error in check
		8	for an illegal string offset.
		9
		10	Upstream-Status: Backport
		11	CVE: CVE-2017-7300
		12	VER: < 2.27-r0.9.1
		13	Signed-off-by: Manjunath Matti <mmatti@mvista.com>
		14
		15	---
		16	bfd/ChangeLog \| 6 ++++++
		17	bfd/aoutx.h \| 3 +--
		18	2 files changed, 7 insertions(+), 2 deletions(-)
		19
		20	diff --git a/bfd/ChangeLog b/bfd/ChangeLog
		21	index d061e66..c8085e7 100644
		22	--- a/bfd/ChangeLog
		23	+++ b/bfd/ChangeLog
		24	@@ -175,6 +175,12 @@
		25	* aoutx.h (find_nearest_line): Handle the case where the function
		26	name is empty.
		27
		28	+2016-12-02 Nick Clifton <nickc@redhat.com>
		29	+
		30	+ PR ld/20909
		31	+ * aoutx.h (aout_link_add_symbols): Fix off-by-one error in check
		32	+ for an illegal string offset.
		33	+
		34	2016-08-02 Nick Clifton <nickc@redhat.com>
		35
		36	PR ld/17739
		37	diff --git a/bfd/aoutx.h b/bfd/aoutx.h
		38	index 4308679..b9ac2b7 100644
		39	--- a/bfd/aoutx.h
		40	+++ b/bfd/aoutx.h
		41	@@ -3031,10 +3031,9 @@ aout_link_add_symbols (bfd abfd, struct bfd_link_info info)
		42	continue;
		43
		44	/* PR 19629: Corrupt binaries can contain illegal string offsets. */
		45	- if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd))
		46	+ if (GET_WORD (abfd, p->e_strx) >= obj_aout_external_string_size (abfd))
		47	return FALSE;
		48	name = strings + GET_WORD (abfd, p->e_strx);
		49	-
		50	value = GET_WORD (abfd, p->e_value);
		51	flags = BSF_GLOBAL;
		52	string = NULL;
		53	--
		54	2.9.3
		55