1 files changed, 57 insertions, 0 deletions

diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-6969.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-6969.patch
new file mode 100644
index 0000000000..ed5403430c
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-6969.patch
@@ -0,0 +1,57 @@
+From 1d9a2696903fc59d6a936f4ab4e4407ef329d066 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Fri, 17 Feb 2017 15:59:45 +0000
+Subject: Fix illegal memory accesses in readelf when parsing
+ a corrupt binary.
+
+	PR binutils/21156
+	* readelf.c (find_section_in_set): Test for invalid section
+	indicies.
+
+CVE: CVE-2017-6969
+Upstream-Status: Backport [master]
+
+Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
+---
+ binutils/ChangeLog |  6 ++++++
+ binutils/readelf.c | 10 ++++++++--
+ 2 files changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/binutils/ChangeLog b/binutils/ChangeLog
+index bd63c8a0d8..1d840b42f9 100644
+--- a/binutils/ChangeLog
++++ b/binutils/ChangeLog
+@@ -1,3 +1,9 @@
++2017-02-17  Nick Clifton  <nickc@redhat.com>
++
++	PR binutils/21156
++	* readelf.c (find_section_in_set): Test for invalid section
++	indicies.
++
+ 2017-02-13  Nick Clifton  <nickc@redhat.com>
+ 
+ 	PR binutils/21139
+diff --git a/binutils/readelf.c b/binutils/readelf.c
+index 7c158c6342..4960491c5c 100644
+--- a/binutils/readelf.c
++++ b/binutils/readelf.c
+@@ -675,8 +675,14 @@ find_section_in_set (const char * name, unsigned int * set)
+   if (set != NULL)
+     {
+       while ((i = *set++) > 0)
+-	if (streq (SECTION_NAME (section_headers + i), name))
+-	  return section_headers + i;
++	{
++	  /* See PR 21156 for a reproducer.  */
++	  if (i >= elf_header.e_shnum)
++	    continue; /* FIXME: Should we issue an error message ?  */
++
++	  if (streq (SECTION_NAME (section_headers + i), name))
++	    return section_headers + i;
++	}
+     }
+ 
+   return find_section (name);
+-- 
+2.11.0
+