From 5bb1d9c4ae9e959a4405f372a7ef7307fc1f1deb Mon Sep 17 00:00:00 2001
From: Thiruvadi Rajaraman <trajaraman@mvista.com>
Date: Wed, 8 Nov 2017 12:38:06 +0530
Subject: binutils: CVE-2017-14729

Source: binutils-gdb.git
MR: 76278
Type: Security Fix
Disposition: Backport from binutils-2_29
ChangeID: 05de8bcd22d8d0b54badcd3826cd370b3aed81de
Description:

x86: Guard against corrupted PLT

There should be only one entry in PLT for a given symbol.  Set howto to
NULL after processing a PLT entry to guard against corrupted PLT so that
the duplicated PLT entries are skipped.

PR binutils/22170

Affects: <= 2.29
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-devtools/binutils/binutils-2.27.inc   |  1 +
 .../binutils/binutils/CVE-2017-14729.patch         | 45 ++++++++++++++++++++++
 2 files changed, 46 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2017-14729.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc
index b38a9583cf..b1669a4ef0 100644
--- a/meta/recipes-devtools/binutils/binutils-2.27.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -100,6 +100,7 @@ SRC_URI = "\
      file://CVE-2017-9955_7.patch \
      file://CVE-2017-9955_8.patch \
      file://CVE-2017-9955_9.patch \
+     file://CVE-2017-14729.patch \
 "
 S  = "${WORKDIR}/git"
 
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14729.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14729.patch
new file mode 100644
index 0000000000..09d5143829
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14729.patch
@@ -0,0 +1,45 @@
+commit 61e3bf5f83f7e505b6bc51ef65426e5b31e6e360
+Author: H.J. Lu <hjl.tools@gmail.com>
+Date:   Fri Sep 22 14:15:40 2017 -0700
+
+x86: Guard against corrupted PLT
+
+There should be only one entry in PLT for a given symbol.  Set howto to
+NULL after processing a PLT entry to guard against corrupted PLT so that
+the duplicated PLT entries are skipped.
+
+PR binutils/22170
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-14729
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+Index: git/bfd/elf-ifunc.c
+===================================================================
+--- git.orig/bfd/elf-ifunc.c	2017-11-08 12:34:22.063320490 +0530
++++ git/bfd/elf-ifunc.c	2017-11-08 12:34:29.995404891 +0530
+@@ -473,6 +473,10 @@
+       memcpy (names, "@plt", sizeof ("@plt"));
+       names += sizeof ("@plt");
+       ++s, ++n;
++      /* There should be only one entry in PLT for a given 
++         symbol.  Set howto to NULL after processing a PLT 
++         entry to guard against corrupted PLT.  */
++      p->howto = NULL;	
+     }
+ 
+   free (plt_sym_val);
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog	2017-11-08 12:34:29.939404297 +0530
++++ git/bfd/ChangeLog	2017-11-08 12:35:55.660271599 +0530
+@@ -1,3 +1,9 @@
++2017-09-22  H.J. Lu  <hongjiu.lu@intel.com>
++
++       PR binutils/22170
++       * elf-ifunc.c (elf_get_synthetic_symtab): Guard against
++       corrupted PLT.
++
+ 2017-07-27  Nick Clifton  <nickc@redhat.com>
+ 
+        PR 21840
-- 
cgit 1.2.3-korg