2 files changed, 71 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.30.inc b/meta/recipes-devtools/binutils/binutils-2.30.inc
index 9c883acc52..349fa5a36a 100644
--- a/meta/recipes-devtools/binutils/binutils-2.30.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.30.inc
@@ -35,6 +35,7 @@ SRC_URI = "\
     file://0013-fix-the-incorrect-assembling-for-ppc-wait-mnemonic.patch \
     file://0014-Detect-64-bit-MIPS-targets.patch \
     file://0015-sync-with-OE-libtool-changes.patch \
+     file://CVE-2018-8945.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-8945.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-8945.patch
new file mode 100644
index 0000000000..6a43168b85
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-8945.patch
@@ -0,0 +1,70 @@
+From 95a6d23566165208853a68d9cd3c6eedca840ec6 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 8 May 2018 12:51:06 +0100
+Subject: [PATCH] Prevent a memory exhaustion failure when running objdump on a
+ fuzzed input file with corrupt string and attribute sections.
+        PR 22809
+        * elf.c (bfd_elf_get_str_section): Check for an excessively large
+        string section.
+        * elf-attrs.c (_bfd_elf_parse_attributes): Issue an error if the
+        attribute section is larger than the size of the file.
+Upsteram-Status: Backport
+Affects: Binutils <= 2.30
+CVE: CVE-2018-8945
+Signed-off-by: Armin kuster <akuster@mvista.com>
+---
+ bfd/ChangeLog   | 8 ++++++++
+ bfd/elf-attrs.c | 9 +++++++++
+ bfd/elf.c       | 1 +
+ 3 files changed, 18 insertions(+)
+Index: git/bfd/elf-attrs.c
+===================================================================
+--- git.orig/bfd/elf-attrs.c
+++ git/bfd/elf-attrs.c
+@@ -438,6 +438,15 @@ _bfd_elf_parse_attributes (bfd *abfd, El
+   /* PR 17512: file: 2844a11d.  */
+   if (hdr->sh_size == 0)
+     return;
+  if (hdr->sh_size > bfd_get_file_size (abfd))
+    {
+      /* xgettext:c-format */
+      _bfd_error_handler (_("%pB: error: attribute section '%pA' too big: %#llx"),
+                         abfd, hdr->bfd_section, (long long) hdr->sh_size);
+      bfd_set_error (bfd_error_invalid_operation);
+      return;
+    }
+
+   contents = (bfd_byte *) bfd_malloc (hdr->sh_size + 1);
+   if (!contents)
+     return;
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c
+++ git/bfd/elf.c
+@@ -298,6 +298,7 @@ bfd_elf_get_str_section (bfd *abfd, unsi
+       /* Allocate and clear an extra byte at the end, to prevent crashes
+         in case the string table is not terminated.  */
+       if (shstrtabsize + 1 <= 1
+         || shstrtabsize > bfd_get_file_size (abfd)
+          || bfd_seek (abfd, offset, SEEK_SET) != 0
+          || (shstrtab = (bfd_byte *) bfd_alloc (abfd, shstrtabsize + 1)) == NULL)
+        shstrtab = NULL;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
+++ git/bfd/ChangeLog
+@@ -1,3 +1,11 @@
+2018-05-08  Nick Clifton  <nickc@redhat.com>
+
+       PR 22809
+       * elf.c (bfd_elf_get_str_section): Check for an excessively large
+       string section.
+       * elf-attrs.c (_bfd_elf_parse_attributes): Issue an error if the
+       attribute section is larger than the size of the file.
+
+ 2018-02-07  Alan Modra  <amodra@gmail.com>
+ 
+        Revert 2018-01-17  Alan Modra  <amodra@gmail.com>

diff --git a/meta/recipes-devtools/binutils/binutils-2.30.inc b/meta/recipes-devtools/binutils/binutils-2.30.inc index 9c883acc52..349fa5a36a 100644 --- a/meta/recipes-devtools/binutils/binutils-2.30.inc +++ b/meta/recipes-devtools/binutils/binutils-2.30.inc
@@ -35,6 +35,7 @@ SRC_URI = "\
35	file://0013-fix-the-incorrect-assembling-for-ppc-wait-mnemonic.patch \	35	file://0013-fix-the-incorrect-assembling-for-ppc-wait-mnemonic.patch \
36	file://0014-Detect-64-bit-MIPS-targets.patch \	36	file://0014-Detect-64-bit-MIPS-targets.patch \
37	file://0015-sync-with-OE-libtool-changes.patch \	37	file://0015-sync-with-OE-libtool-changes.patch \
		38	file://CVE-2018-8945.patch \
38	"	39	"
39	S = "${WORKDIR}/git"	40	S = "${WORKDIR}/git"
40		41


diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-8945.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-8945.patch new file mode 100644 index 0000000000..6a43168b85 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-8945.patch
@@ -0,0 +1,70 @@
		1	From 95a6d23566165208853a68d9cd3c6eedca840ec6 Mon Sep 17 00:00:00 2001
		2	From: Nick Clifton <nickc@redhat.com>
		3	Date: Tue, 8 May 2018 12:51:06 +0100
		4	Subject: [PATCH] Prevent a memory exhaustion failure when running objdump on a
		5	fuzzed input file with corrupt string and attribute sections.
		6
		7	PR 22809
		8	* elf.c (bfd_elf_get_str_section): Check for an excessively large
		9	string section.
		10	* elf-attrs.c (_bfd_elf_parse_attributes): Issue an error if the
		11	attribute section is larger than the size of the file.
		12
		13	Upsteram-Status: Backport
		14	Affects: Binutils <= 2.30
		15	CVE: CVE-2018-8945
		16	Signed-off-by: Armin kuster <akuster@mvista.com>
		17	---
		18	bfd/ChangeLog \| 8 ++++++++
		19	bfd/elf-attrs.c \| 9 +++++++++
		20	bfd/elf.c \| 1 +
		21	3 files changed, 18 insertions(+)
		22
		23	Index: git/bfd/elf-attrs.c
		24	===================================================================
		25	--- git.orig/bfd/elf-attrs.c
		26	+++ git/bfd/elf-attrs.c
		27	@@ -438,6 +438,15 @@ _bfd_elf_parse_attributes (bfd *abfd, El
		28	/* PR 17512: file: 2844a11d. */
		29	if (hdr->sh_size == 0)
		30	return;
		31	+ if (hdr->sh_size > bfd_get_file_size (abfd))
		32	+ {
		33	+ /* xgettext:c-format */
		34	+ _bfd_error_handler (_("%pB: error: attribute section '%pA' too big: %#llx"),
		35	+ abfd, hdr->bfd_section, (long long) hdr->sh_size);
		36	+ bfd_set_error (bfd_error_invalid_operation);
		37	+ return;
		38	+ }
		39	+
		40	contents = (bfd_byte *) bfd_malloc (hdr->sh_size + 1);
		41	if (!contents)
		42	return;
		43	Index: git/bfd/elf.c
		44	===================================================================
		45	--- git.orig/bfd/elf.c
		46	+++ git/bfd/elf.c
		47	@@ -298,6 +298,7 @@ bfd_elf_get_str_section (bfd *abfd, unsi
		48	/* Allocate and clear an extra byte at the end, to prevent crashes
		49	in case the string table is not terminated. */
		50	if (shstrtabsize + 1 <= 1
		51	+ \|\| shstrtabsize > bfd_get_file_size (abfd)
		52	\|\| bfd_seek (abfd, offset, SEEK_SET) != 0
		53	\|\| (shstrtab = (bfd_byte *) bfd_alloc (abfd, shstrtabsize + 1)) == NULL)
		54	shstrtab = NULL;
		55	Index: git/bfd/ChangeLog
		56	===================================================================
		57	--- git.orig/bfd/ChangeLog
		58	+++ git/bfd/ChangeLog
		59	@@ -1,3 +1,11 @@
		60	+2018-05-08 Nick Clifton <nickc@redhat.com>
		61	+
		62	+ PR 22809
		63	+ * elf.c (bfd_elf_get_str_section): Check for an excessively large
		64	+ string section.
		65	+ * elf-attrs.c (_bfd_elf_parse_attributes): Issue an error if the
		66	+ attribute section is larger than the size of the file.
		67	+
		68	2018-02-07 Alan Modra <amodra@gmail.com>
		69
		70	Revert 2018-01-17 Alan Modra <amodra@gmail.com>